WebApp Sec mailing list archives

Encrypted URL

From: lupin <lupin9809 () hotmail com>
Date: 30 Jan 2004 10:28:44 -0000



I've seen a couple highly secure Web Application that use encrypted url.

Actually they encrypt the parameter query string.

Example URL:

http://example.com/796e62113e2936383e2b1796d626e676a6f6b6a6b6c67006a/appl?Toto=796f62796c62796e6c62796b621730323a08362b37083a333c30323a0f38796662113e29791c54683b3a312b796e6d620f2d3a1e3c3c302a312b133e2c2b1d3030343631382c1e3c2b796862123e3631113e29e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c791930333b3a2d173e2a4e3033302d62123e3631113e2936383e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c

I think this is a great way to protect against parameter tampering attacks.

Does anybody know more about this technique? Papers etc..? How to implement it? Google didn't help me a lot?

What is you point of view? Do you think it will help to prevent all the parameter attack (XSS, SQL inj. etc...)?

Thanks a lot for your response in advance.

Current thread:

Encrypted URL lupin (Jan 30)
- Re: Encrypted URL Jeff Williams @ Aspect (Jan 30)
- Re: Encrypted URL Thomas Chiverton (Jan 30)
- Re: Encrypted URL Adam Tuliper (Jan 30)
- Re: Encrypted URL Tim Greer (Jan 30)
- Re: Encrypted URL dreamwvr () dreamwvr com (Jan 30)
- RE: Encrypted URL Bryan Murphy (Jan 30)
- Re: Encrypted URL Lars Johannesen (Jan 30)
- Re: Encrypted URL B. Johannessen (Jan 30)
  - Re: Encrypted URL Stephen de Vries (Jan 30)
    - Re: Encrypted URL B. Johannessen (Jan 30)

(Thread continues...)