We are creating a Silverlight application and need to have a few parameters passed in with the URL from the calling site.
Example: http://oursite.com/index.aspx?test=d53ae99b-06a0-4ba7-81ed-4556adc532b2
We want to give the calling website a 'test' string that links back to the GUID of our table, which tells the Silverlight application what its task is when they arrive. We also use this GUID for authentication on our application among other things.
The GUIDs are as such:
Encrypted, the values are much longer:
My question is, with security in mind, should we give them the GUID encrypted or like it is, unencrypted?
Does it matter?
What is everyone's experience with this type of parameter passing?
In matters of encryption, the key is to define your security context. What might someone be able to do if they had access to the original GUIDs? If they couldn't do anything hazardous, there's no point encrypting, and it's generally best not to encrypt. If there's any security risk posed by this information being publicly available, you'd better encrypt it.
Since you say:
We also use this guid for authentication on our application among other things
... I'm guessing you'll want to encrypt. But you may want to re-think your authentication strategy. It's often best to use time-tested, well-accepted methods for things like authentication and encryption, since you can be relatively certain that there aren't unknown exploits.
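One well-accepted way to keep a bare GUID from acting as a credential, shown as an added example that is not part of the original question or answer: the server appends an expiry and an HMAC-SHA256 tag to the GUID before handing the link to the calling site, and rejects anything it did not issue. The names `SECRET_KEY`, `issue_token` and `verify_token` and the `<guid>.<expiry>.<tag>` layout are assumptions made for the illustration, and Python stands in here for the site's ASP.NET code.

```python
import base64
import hashlib
import hmac
import time
import uuid
from typing import Optional

# Assumption: a server-side secret that is never shared with the calling site.
# Constructed demo value; load a random key from protected configuration instead.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _tag(payload: bytes) -> bytes:
    """URL-safe HMAC-SHA256 tag over the payload."""
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def issue_token(task_id: uuid.UUID, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Build the value for the 'test' parameter: <guid>.<expiry>.<tag>."""
    issued = time.time() if now is None else now
    payload = f"{task_id}.{int(issued) + ttl_seconds}".encode("ascii")
    return (payload + b"." + _tag(payload)).decode("ascii")


def verify_token(token: str, now: Optional[float] = None) -> Optional[uuid.UUID]:
    """Return the GUID only if the tag is valid and the token has not expired."""
    try:
        raw = token.encode("ascii")
    except UnicodeEncodeError:
        return None
    parts = raw.split(b".")
    if len(parts) != 3:
        return None
    guid_part, expiry_part, tag_part = parts
    # Check the tag first, in constant time, before trusting any field.
    if not hmac.compare_digest(_tag(guid_part + b"." + expiry_part), tag_part):
        return None
    current = time.time() if now is None else now
    if not expiry_part.isdigit() or int(expiry_part) < current:
        return None
    try:
        return uuid.UUID(guid_part.decode("ascii"))
    except ValueError:
        return None
```

The tag gives integrity and expiry, not confidentiality: the GUID is still readable in the URL, so this fits the case where knowing the GUID is harmless but presenting it must not be enough to authenticate.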