Encryption-like creation of unique strings

  • Thread starter Thread starter panik
  • Start date Start date
P

panik

Hi,

I'm looking for something similar to Encryption.
I'd like to generate URL's with a format that avoids visible ID's (e.g.
http://thesite/viewlink.aspx?ID=105)
Instead, I'd like to generate a string as a unique identifier (e.g.:
http://thesite/viewlink.aspx?EgtjkEdksmqqiope ) that holds the necessary
data to display the correct content.

The unique identifier (EgtjkEdksmqqiope in the example) should be read back
in and return a value that was put into it.

GUID's are not an option, for obvious reasons (they don't hold data). And we
want to avoid an extra table in the database that would match GUID's to
Foreign Keys of another table.
I tried encryption, but the encryption often holds characters that are not
allowed in URL's. Secondly, encryption needs Initialization Vectors. I can't
have these stored on the server for use when encrypting and decrypting.

Is there a solution to this?

Thanks a lot for the help and/or advice,
Vincent
 
How about using a base64 encoding.

I guess the question is, how secure do you want it? Base64 encoding will
hide the actual ID, but can be easily decoded and spoofed if a person was
really determined. If you go the route of encryption, you might try doing a
URL encoding on the encrypted contents to ensure that all characters can be
represented in the URL.
 
Hi,

As for the Init Vectors, don't take them so seriously. A mere ID, I suppose,
is not such a valuable piece of data a hacker would pursue so aggresively
that he would hack the whole server to obtain it. The hacker would rather be
searching for the database files in the first place then :-)

As for the not allowed characters, you can represent such characters as
%nnnn where nnnn is a numeric code of the character. The
ServerUtility.UrlEncode method should do that for you.

But I really believe you can do away with something really simple, like
adding some random bits to the ID and encoding the IDs into Base64. When the
ID is posted back to the server, it is decoded and the meaningful part of
the ID is extracted.
 
panik said:
I'm looking for something similar to Encryption.
I'd like to generate URL's with a format that avoids visible ID's (e.g.
http://thesite/viewlink.aspx?ID=105)
Instead, I'd like to generate a string as a unique identifier (e.g.:
http://thesite/viewlink.aspx?EgtjkEdksmqqiope ) that holds the necessary
data to display the correct content.

The unique identifier (EgtjkEdksmqqiope in the example) should be read back
in and return a value that was put into it.

GUID's are not an option, for obvious reasons (they don't hold data). And we
want to avoid an extra table in the database that would match GUID's to
Foreign Keys of another table.
I tried encryption, but the encryption often holds characters that are not
allowed in URL's.
Click to expand...

Well, you can get round that just by Base64 encoding the result. Note
that encryption doesn't give back *characters* at all, it gives back
bytes.
Secondly, encryption needs Initialization Vectors.
I can't have these stored on the server for use when encrypting and decrypting.
Click to expand...

Well, you could have constant but private initialization vectors, or
(if you don't mind IDs becoming invalid when the application is
unloaded/reloaded) you could just create an IV and stash it away in an
appropriate place in memory.
 
Hi,

thanks all for your answers.
I cannot place the IV in memory, as I do mind about the URL's still working
after restarting the application. I haven't thought about URLEncoding.
Pretty simple, but I didn't think of it.
But I'll have a look at Base64 encoding.

Thanks to all people who replied and thanks for mentioning Base64.

Vincent
 
Back
Top