WebApp Sec mailing list archives

Re: Encrypted URL


From: "Lars Johannesen" <cipherz () slamsoft dk>
Date: Fri, 30 Jan 2004 16:33:21 -0000

I think it might help some, but the problem with SQL injections and
various other methods to "deface" or in other ways damage a website is because of
bad code.

Though this could be an interesting way to slow/stop the attacker.

But wouldn't it eat up a lot of CPU on large-scale websites?

 ... My 2 cents

 -Cheers,
     Ciph
----- Original Message ----- 
From: "lupin" <lupin9809 () hotmail com>
To: <webappsec () securityfocus com>
Sent: Friday, January 30, 2004 10:28 AM
Subject: Encrypted URL




I've seen a couple of highly secure Web Applications that use encrypted URLs.

Actually they encrypt the parameter query string.

Example URL:


http://example.com/796e62113e2936383e2b1796d626e676a6f6b6a6b6c67006a/appl?Toto=796f62796c62796e6c62796b621730323a08362b37083a333c30323a0f38796662113e29791c54683b3a312b796e6d620f2d3a1e3c3c302a312b133e2c2b1d3030343631382c1e3c2b796862123e3631113e29e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c791930333b3a2d173e2a4e3033302d62123e3631113e2936383e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c

I think this is a great way to protect against parameter tampering
attacks.

Does anybody know more about this technique? Papers, etc.? How to
implement it? Google didn't help me a lot.

What is your point of view? Do you think it will help to prevent all the
parameter attacks (XSS, SQL inj., etc.)?

Thanks a lot for your response in advance.
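
The tamper-protection goal discussed in this thread, as an added example that is not part of the original messages or of any site they mention: it signs the query string with HMAC-SHA256 instead of encrypting it, so it detects modification but does not hide the values. The function names, the key and the sample parameters are assumptions; the `Toto` parameter name is taken from the example URL above.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key (assumption); a real server loads a random secret.
SECRET_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def seal_query(params: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize params, prepend an HMAC-SHA256 tag, return one hex token."""
    payload = urlencode(sorted(params.items())).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (tag + payload).hex()


def open_query(token: str, key: bytes = SECRET_KEY) -> dict:
    """Verify the tag and return the parameters; ValueError on tampering."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        raise ValueError("token is not valid hex") from None
    if len(raw) < TAG_LEN:
        raise ValueError("token too short")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("query string was modified")
    return dict(parse_qsl(payload.decode("utf-8"), keep_blank_values=True))


def is_accepted(token: str) -> bool:
    """True only if the token verifies under the server key."""
    try:
        open_query(token)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    token = seal_query({"account": "1001", "view": "summary"})  # constructed
    print("http://example.com/appl?Toto=" + token)
    print(open_query(token))
    # Change one hex digit of the payload, as an edited URL would.
    forged = token[:-1] + ("0" if token[-1] != "0" else "1")
    print(is_accepted(forged))
```

Hiding the values as well would need an authenticated cipher such as AES-GCM, which is not in Python's standard library.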



