How to encrypt SSN in querystring?

  • Thread starter Thread starter Jeff
  • Start date Start date
J

Jeff

Hi

asp.net 4.0
visual studio 2010

I'm developing a website which will have ssn included in the querystring.
Are looking for ways to encrypt it.
Have thought about using System.Security.Cryptography namespace. But haven't
decided on which class to use. Considering X509Certificate. Also I think the
url have to SSL.

Thinking of encrypt the entire querystring, parameter name and parameer
value gets encrypted.

any recommendations?
 
Jeff said:
Hi

asp.net 4.0
visual studio 2010

I'm developing a website which will have ssn included in the querystring.
Are looking for ways to encrypt it.
Have thought about using System.Security.Cryptography namespace. But haven't
decided on which class to use. Considering X509Certificate. Also I think the
url have to SSL.

Thinking of encrypt the entire querystring, parameter name and parameer
value gets encrypted.

any recommendations?
Click to expand...

You need to come up with something else. There would be no way I would
come to your site with you using a SSN in the URL encrypted or not or
SSL, not in today's environment and identity theift.
 
hi Jeff,

I'm developing a website which will have ssn included in the querystring.
Are looking for ways to encrypt it.
Have thought about using System.Security.Cryptography namespace. But haven't
decided on which class to use. Considering X509Certificate. Also I think the
url have to SSL.

Thinking of encrypt the entire querystring, parameter name and parameer
value gets encrypted.

any recommendations?
Click to expand...
Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
hide the information from the user.


mfG
--> stefan <--
 
hi Jeff,

On 09.06.2010 19:07, Jeff wrote:> I'm developing a website which will have ssn included in the querystring.



Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
hide the information from the user.

mfG
--> stefan <--
Click to expand...

Hi Jeff,

Better not to send SSN via querystring. For that matter, it is adviced
not to plug in any sensitive data in querystring. There could be
alternatives for sure.

Thanks,
Rajeev
 
Hi

asp.net 4.0
visual studio 2010

I'm developing a website which will have ssn included in the querystring.
Are looking for ways to encrypt it.
Have thought about using System.Security.Cryptography namespace. But haven't
decided on which class to use. Considering X509Certificate. Also I think the
url have to SSL.

Thinking of encrypt the entire querystring, parameter name and parameer
value gets encrypted.

any recommendations?
Click to expand...

Hello:
Don't use query string. The spec for URL length does not dictate a
minimum or maximum URL length, but implementation varies by browser.
On Windows: Opera supports ~4050 characters, IE 4.0+ supports exactly
2083 characters, Netscape 3 -> 4.78 support up to 8192 characters
before causing errors on shut-down, and Netscape 6 supports ~2000
before causing errors on start-up. Encrypted SSN would be bigger than
this max length. Try to use post instead. And use ssl, it would
encrypt the whole page.
 
Back
Top