Question

I have a situation wherein I need to encrypt a query string in JS so that it becomes unreadable and decrypt it in a Generic Handler. Can you gimme some links for this?

Can you suggest some other method to this?

I've seen the method applied to a lot of sites

www.somesite.com/SomeHandler.ashx?QueryStringData=ghsgysghetwRFDTVW5632


Solution

If you need to transmit sensitive data over a potentially insecure network (such as a public WiFi access point), use HTTPS. It takes care of encrypting the data, and, more importantly, also ensures that other parts of the communication (such as JavaScript code sent from the server) are not tampered with.

If you don't use HTTPS, doing any sort of encryption in JavaScript will always be insecure, since a middle-man attacker can just modify the script sent to the browser. If you do use HTTPS, there's generally no need to do crypto in JavaScript, since the transport layer already encrypts all data sent to and from the server.

OTHER TIPS

Your approach is generally insecure. You should never expose a general-purpose SQL interface via a web interface.

If you only want to execute certain SQL commands, implement them on the server side and only extract the required parameters from the URL. Everything else will result in a direct SQL injection interface to your database.
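
The advice in the answer above, sketched as an ASP.NET generic handler (an added example, not code from the original posts). The handler name, the `op` and `id` query-string parameters, the `AppDb` connection string and the `Orders`/`Customers` tables are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Hypothetical handler: names, tables and the "AppDb" connection string are assumptions.
public class ReportHandler : IHttpHandler
{
    // The SQL text lives on the server; the client can only pick a statement by name.
    private static readonly Dictionary<string, string> Queries =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "orderStatus",  "SELECT Status FROM Orders WHERE OrderId = @id" },
            { "customerName", "SELECT Name FROM Customers WHERE CustomerId = @id" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string op = context.Request.QueryString["op"];
        string sql;
        int id;

        // Reject anything that is not a known operation with a positive integer id.
        if (op == null || !Queries.TryGetValue(op, out sql) ||
            !int.TryParse(context.Request.QueryString["id"], out id) || id <= 0)
        {
            context.Response.StatusCode = 400;
            return;
        }

        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value is bound as a typed parameter, never concatenated into the SQL.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            object result = cmd.ExecuteScalar();

            // Plain text keeps database content from being interpreted as markup.
            context.Response.ContentType = "text/plain";
            context.Response.Write(result == null || result == DBNull.Value
                ? string.Empty : result.ToString());
        }
    }
}
```

A request such as `SomeHandler.ashx?op=orderStatus&id=42` runs only the matching fixed statement; any other `op` value or a non-numeric `id` gets a 400 and never reaches the database.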

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow