> I'd like to know if anyone knows how to encrypt the value of a URL parameter
Hi Ray,
There are a few solutions depending on your needs.
1. If you don't want the user to see the URL in the location text box of
the browser, then simply change your FORM HTML from "METHOD=GET" to
"METHOD=POST". The POST is not displayed in the browser location.
Most modern browsers are smart enough to still have the enter-key
mean to submit the form.
2. If your users have JavaScript and very weak encryption is acceptable,
you can use any kind of simple encryption or lettershift in JavaScript.
I am attaching sample code below for the trivial Rot13 JavaScript.
If you use METHOD=GET, the user will see the encrypted username.
3. If your users have JavaScript and cookies, then you can stuff the
username into a cookie before the form is submitted by the browser.
I am attaching sample code below for setting a browser cookie.
4. If you really do need bulletproof encryption in your browser,
you can get a JavaScript implementation of DES from secURLinx.
It's pretty nifty, and I am attaching an example page from them.
5. If your goal is to make sure that no hacker snoops your usernames and
passwords during trasmission from the browser to the server, definitely
use strong encryption like DES-3, El Gamal, SSL and HTTPS.
Cheers,
Joel ([EMAIL PROTECTED])
/*****************************************************************
CUT HERE rot13.html
******************************************************************/
<SCRIPT LANGUAGE="JavaScript"><!--
var coding =
'ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMabcdefghijklmnopqrstuvwxyzabcdefghijklm';
function rot13() {
var value = document.myForm.myText.value;
for (var text = '',i=0;i<value.length;i++) {
character = value.charAt(i);
position = coding.indexOf(character);
if (position > -1)
character = coding.charAt(position + 13);
text += character;
}
document.myForm.myText.value = text;
}
//--></SCRIPT>
<form name=myForm>
<input name=myText>
<input type=button value=encrypt onClick="rot13()">
</form>
/*****************************************************************
CUT HERE cookie.html
******************************************************************/
<SCRIPT LANGUAGE="JavaScript"><!--
function setCookie(name,value,expires,path,domain,secure) {
document.cookie = name + "=" +escape(value) +
( (expires) ? ";expires=" + expires.toGMTString() : "") +
( (path) ? ";path=" + path : "") +
( (domain) ? ";domain=" + domain : "") +
( (secure) ? ";secure" : "");
}
var today = new Date();
var expires = new Date(today.getTime() + (56 * 86400000));
function submit() {
setCookie("myText",document.myForm.myText.value),expires);
document.myForm.myText.value="";
}
//--></script>
<form name=myForm onSubmit="return submit();">
<input name=myText><input type=submit>
</form>
/*****************************************************************
CUT HERE des.html
******************************************************************/
<html><head>
<meta http-equiv="Copyright" content="Daniel de Lyon Limited">
<meta http-equiv="Author" content="Keith A Pegler">
<title>The Data Encryption Standard</title>
</head>
<script language="JavaScript1.2"
src="http://users.computerweekly.net/securlinx/javascripts/securlinx_v100.js"></script>
<script language="JavaScript1.2"
src="http://www.javascripts.com/repository/script370628_3_2.js"></script>
<script language="JavaScript1.2">
function encrypt()
{
var cipher_returned = new Array(2);
cipher_returned = des$_encrypt(
document.pass["word"].value,
document.encryption["key"].value
);
document.cipher[0].value = cipher_returned[0];
document.cipher[1].value = cipher_returned[1];
}
</script>
<h1 align="center">
<a href="http://users.computerweekly.net/securlinx/">
secURLinx
</a>
</h1>
<form method="get" name="pass">
<input type="text" size="8" name="word" onchange="changed(this);">
Password here
</form>
<form name="pbits">
<input type="text" size="8" name="0">
<input type="text" size="8" name="1">
<input type="text" size="8" name="2">
<input type="text" size="8" name="3">
<input type="text" size="8" name="4">
<input type="text" size="8" name="5">
<input type="text" size="8" name="6">
<input type="text" size="8" name="7">
Password bits (read-only)
</form>
<form name="encryption">
<input type="text" size="8" name="key" onchange="changed(this);">
Encryption key here (same as password recommended)
</form>
<form name="kbits">
<input type="text" size="8" name="1">
<input type="text" size="8" name="2">
<input type="text" size="8" name="3">
<input type="text" size="8" name="4">
<input type="text" size="8" name="5">
<input type="text" size="8" name="6">
<input type="text" size="8" name="7">
<input type="text" size="8" name="8">
Key bits (read-only)
</form>
<input type="submit" name="encrypt" value="Encrypt"
onclick="changed(this);">
<form name="cipher">
<input type="text" size="16" name="1">
<input type="text" size="16" name="2">
Cipher (read-only)
</form>
</body>
</html>
_________________________________________________________________________
For help in using, subscribing, and unsubscribing to the discussion
forums, please go to: http://www.netdynamics.com/support/visitdevfor.html
For dire need help, email: [EMAIL PROTECTED]
