WebApp Sec mailing list archives
Re: Encrypted URL
From: "Lars Johannesen" <cipherz () slamsoft dk>
Date: Fri, 30 Jan 2004 16:33:21 -0000
I think it might help some, but the problem with SQL injections and other various methods to "deface" or in other ways damage a website, is because of bad code. Though this could be an interesting way to slow/stop the attacker. But wouldn't it eat up a lot of CPU on large-scale websites? ...

My 2 cents

-Cheers, Ciph

----- Original Message -----
From: "lupin" <lupin9809 () hotmail com>
To: <webappsec () securityfocus com>
Sent: Friday, January 30, 2004 10:28 AM
Subject: Encrypted URL

I've seen a couple of highly secure Web Applications that use encrypted URLs. Actually they encrypt the parameter query string. Example URL:
http://example.com/796e62113e2936383e2b1796d626e676a6f6b6a6b6c67006a/appl?Toto=796f62796c62796e6c62796b621730323a08362b37083a333c30323a0f38796662113e29791c54683b3a312b796e6d620f2d3a1e3c3c302a312b133e2c2b1d3030343631382c1e3c2b796862123e3631113e29e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c791930333b3a2d173e2a4e3033302d62123e3631113e2936383e2b363031001e3c3c302a312b123a312a001e3c3c302a312b133e2c2b1d3030343631382c
I think this is a great way to protect against parameter tampering attacks.

Does anybody know more about this technique? Papers etc.? How to implement it? Google didn't help me a lot.

What is your point of view? Do you think it will help to prevent all the parameter attacks (XSS, SQL inj. etc...)?

Thanks a lot for your response in advance.
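
Added example, not written by any poster in this thread: one way to get the tamper detection the original question asks about. It signs the query string with HMAC-SHA256 instead of encrypting it (a swapped-in technique, so values stay readable) and still binds the value as a SQL parameter, because a valid tag says nothing about how the application handles the value. The key, the `orders` table and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3
from urllib.parse import parse_qsl, urlencode
# Constructed demo key (assumption): a real key is random and stays server-side.
KEY = b"constructed-demo-key"

def _tag(canonical, key):
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def seal_query(params, key=KEY):
    """Build a query string carrying an HMAC-SHA256 tag over its sorted parameters."""
    canonical = urlencode(sorted(params.items()))
    return f"{canonical}&sig={_tag(canonical, key)}"

def open_query(query, key=KEY):
    """Return the parameters if the tag verifies, else None (altered or unsigned)."""
    pairs = parse_qsl(query, keep_blank_values=True)
    tags = [v for k, v in pairs if k == "sig"]
    body = sorted((k, v) for k, v in pairs if k != "sig")
    if len(tags) != 1:
        return None
    expected = _tag(urlencode(body), key)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), tags[0].encode()):
        return None
    return dict(body)

def fetch_order(db, query, key=KEY):
    """Reject tampered links, then still bind the value as a SQL parameter."""
    params = open_query(query, key)
    if params is None:
        return None
    row = db.execute("SELECT item FROM orders WHERE id = ?",
                     (params.get("order"),)).fetchone()
    return row[0] if row else None

def demo_db():
    """Constructed sample data for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id TEXT PRIMARY KEY, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("1001", "book"), ("1002", "lamp")])
    return db

if __name__ == "__main__":
    link = seal_query({"order": "1001"})
    print(fetch_order(demo_db(), link))
    print(fetch_order(demo_db(), link.replace("order=1001", "order=1002")))
```

The tag only protects links the server itself generated; form fields and any other value the user types arrive unsigned and need the same input handling as before.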