Encryption of the query string in the URL

Ask a Question related to ASP.NET Security, Design and Development.

  1. #1

    Encryption of the query string in the URL

    Hi

    We found out about this weird problem that happens on the encrypted string that we send across as a query string on the URL. The page shows the error
    "The page has encountered an error...." and when I go to the view source it displays this message
    <!-- Error Information
    Error: A potentially dangerous Request.QueryString value was detected from the client (aub=&quot;&lt;!-- Error Informati...&quot;)
    StackTrace: at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
    at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
    at System.Web.HttpRequest.get_QueryString()
    at System.Web.UI.Page.GetCollectionBasedOnMethod()
    at System.Web.UI.Page.DeterminePostBackMode()
    at System.Web.UI.Page.ProcessRequestMain()
    at System.Web.UI.Page.ProcessRequest()
    at System.Web.UI.Page.ProcessRequest(HttpContext context)
    at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)
    -->

    Now I know that this is encountered when the string has some invalid characters, but we checked the string that is generated due to the encryption.
    The real string is BA\cjg1760
    and the encrypted string is
    yqtlVNykIrXno79onQdGxg==

    We are also encoding the string by using the Server.UrlEncode statement. The string is
    yqtlVNykIrXno79onQdGxg%3d%3d
    after the encoding.

    I have checked for invalid or dangerous (script type characters) in the string but everything looks good. Now this error occurs only on this one user out of almost 2000 users.

    Another weird thing is, if we do another Server.UrlEncode on the string and then decode it while retrieving, it works fine.

    If any of you have encountered similar problems, please let me know what workaround you used. Right now the only thing I can think of is to use the
    <pages validateRequest="false"> statement in the Web.config

    Thanks in advance
    Ritesh
    Ritesh Guest

  3. #2

    RE: Encryption of the query string in the URL

    It sounds like you are encrypting the query string, then encoding it, then attempting to decrypt it. You will also need a step in there that decodes it before trying to decrypt it.
    David Coe Guest

  4. #3

    RE: Encryption of the query string in the URL


    Hi,

    Thanks for the reply. The first decode happens automatically when I try
    to retrieve it. So there is no decode statement.

    The more I see it, the more I think it to be a bug in the Microsoft cross site
    scripting program. It seems to script out valid strings.

    You know it works, if I change the case of any letter(s) within the
    windows id. It seems to me that the encrypted and encoded string screws
    something up in the cross site scripting program.

    Thanks



    Ritesh Desai Guest
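
Added example, not part of the thread and not the posters' code: one way to build the `aub` value so that it contains only letters, digits, `-` and `_`, so no Server.UrlEncode step is needed and the receiving page follows the decode-then-decrypt order from reply #2. It goes beyond the thread by putting an HMAC over the ciphertext; the class name `QueryToken`, the `page.aspx` URL and the randomly generated demo keys are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class QueryToken   // hypothetical helper name, not from the thread
{
    // Base64url: '+' -> '-', '/' -> '_', padding dropped; output is [A-Za-z0-9_-] only.
    static string ToUrl(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromUrl(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s + new string('=', (4 - s.Length % 4) % 4));
    }
    static byte[] Tag(byte[] k, byte[] b) { using (var h = new HMACSHA256(k)) return h.ComputeHash(b); }
    public static string Protect(string plain, byte[] encKey, byte[] macKey)
    {
        using (var aes = Aes.Create())          // CBC + PKCS7, fresh random IV per instance
        {
            aes.Key = encKey;
            byte[] pt = Encoding.UTF8.GetBytes(plain);
            byte[] ct = aes.CreateEncryptor().TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            return ToUrl(body.Concat(Tag(macKey, body)).ToArray());   // IV | ciphertext | tag
        }
    }
    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        byte[] raw = FromUrl(token);            // decode first, then verify, then decrypt
        if (raw.Length < 16 + 16 + 32) throw new CryptographicException("bad token");
        byte[] body = raw.Take(raw.Length - 32).ToArray();
        byte[] expect = Tag(macKey, body);
        int diff = 0;                           // constant-time tag comparison
        for (int i = 0; i < 32; i++) diff |= expect[i] ^ raw[body.Length + i];
        if (diff != 0) throw new CryptographicException("bad token");
        using (var aes = Aes.Create())
        {
            aes.Key = encKey; aes.IV = body.Take(16).ToArray();
            return Encoding.UTF8.GetString(
                aes.CreateDecryptor().TransformFinalBlock(body, 16, body.Length - 16));
        }
    }
    static void Main()
    {
        byte[] k1 = new byte[32], k2 = new byte[32];   // constructed demo keys
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(k1); rng.GetBytes(k2); }
        string t = Protect(@"BA\cjg1760", k1, k2);     // sample value taken from post #1
        Console.WriteLine("page.aspx?aub=" + t + " -> " + Unprotect(t, k1, k2));
    }
}
```

In a real application the two keys are loaded from protected configuration shared by the sending and receiving pages rather than generated at startup.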
