I work on a web-application that is written in C#/ASP.NET. The original framers of this application chose to use encrypted query strings and Viewstate
to control the 'security' and 'state' of the application.
Having come from a GET/POST world before this, I don't have a good basis for understanding why people would go through the trouble of encrypting query strings, when using POST for sensitive data (along with SSL) would achieve a similar level of security.
My question is: What are the advantages and disadvantages of using Encrypted Query Strings in ASP.NET? Is there a documented 'best practice' for this?
Edit: People tend to focus on Viewstate
in this question. Don't. Viewstate was mentioned only to give you a better idea to ascertain how 'state' was managed, since that is tangentially related to URLs. I never said Viewstate
was encrypted. There really are two issues: 1) The Use of Viewstate
, and 2) the Use of encrypted query strings. This question is focused on the latter. I hope that helps to clear up the focus of the question.
A reason why you might do something like this is to prevent tampering with the URL to get access to data other than your own. For example, if you have the url:
http://foo.com/user.aspx?user_id=123
it wouldn't be hard for me (or anyone) to change that to:
http://foo.com/user.aspx?user_id=124
If your data access strategy relies entirely on what's in the querystring, that could allow unauthorized access to data.
This approach does serve that purpose correctly, but a more robust way to get there is to actively check authorization within the application, and never rely exclusively on the URL for authentication and / or authorization purposes.
Note that this has nothing to do with SSL - that ensures privacy between the browser and server, but you can be under a perfectly secure connection and still tamper with the URL.
Well, arguably it allows you to distribute a url for the page, but a better approach here might be something involving a guid as an opaque identifier to a permalink... perhaps it is useful for scripting purposes?
If it is between pages on the same app, then a POST over SSL would indeed seem to make more sense. Can you ask the original designers? Read the design documents?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With