asp.net - Should I encrypt a GUID passed by URL-parameters? -

-

we creating silverlight application , need have few parameters pass in url calling site.

example: http://oursite.com/index.aspx?test=d53ae99b-06a0-4ba7-81ed-4556adc532b2

we want give calling website 'test' string links guid of our table tells silverlight application it's task when arrive. use guid authentication on our application among other things.

the guid such:

  1. d53ae99b-06a0-4ba7-81ed-4556adc532b2
  2. 8354b838-99b3-4b4c-bb07-7cf68620072e

encrypted, values longer:

  1. l5gyhpwsbuw8kdd+tpwjosoofdf0lzmgzd4uuflx+v/d3ebygz6zpcrjvcrmg2tg
  2. wvmn7b0fpa18/q7+u4njb5aoknx6ga9xoasvcet6myjm5tv6do86oexacxdixaes

my question is, security in mind, should give them guid encrypted or is, unencrypted?

does matter?

what everyone's experience type of parameter passing?

in matters of encryption, key define security context. might able if had access original guids? if couldn't hazardous, there's no point encrypting, , it's best not encrypt. if there's security risk posed information being publicly available, you'd better encrypt it.

since say:

we use guid authentication on our application among other things

... i'm guessing you'll want encrypt. may want re-think authentication strategy. it's best use time-tested, well-accepted methods things authentication , encryption, since can relatively there aren't unknown exploits.


Comments

Post a Comment

Popular posts from this blog

Javascript line number mapping -

-
magically formatted comments change reported line number of javascript errors in browsers; this: //@line n "f" n line number , f file name. unfortunately, //@line appears ungoogleable. know there documentation on feature, , browsers support it? (i found references here , here .) from can find available in mozilla based browsers. it using js_setoptions command can turn these options on or off depending on values passed. https://developer.mozilla.org/en/js_setoptions
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ...
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more