Encrypt/Hide Input Parameters in URL
Question

Hi Guys,

Need your input on this. Not really sure how to do this, but is there a way to hide the Input Parameters that you supply when you call a Webscreen?

Please see Picture

regards,

Mike

Eric Bulters
 
MVP

You could use sessions or, if that is not preferred, use an encryption plugin extension like 'GenerateSaltedMD5Hash' from the PlatformPasswordUtils, or get one from the Forge (I vaguely remember one there called crypto something).

Marcelo Ferreira

Hi Michael,

The component Eric is referring to is CryptoAPI.

Some of the options you have are these:

  • Encrypt all the inputs. In this case it is still possible to see the number of inputs.
  • Transform all inputs into a JSON. Encrypt that JSON and send it as input.
  • Save all inputs on a database record with a guid associated. Send the guid as input.

And for sure you have a lot more options to secure your data if you are creative.

Regards,

Marcelo
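
The third option in the list above, written out in Python as an added example that is not part of the original thread or of any OutSystems component. The in-memory dict standing in for the database table, the function names, the binding of each record to the user who created it, and the 5-minute expiry are assumptions made for the illustration.

```python
import time
import uuid

# Hypothetical stand-in for the database table that holds the saved inputs.
_STORE = {}
TTL_SECONDS = 300  # assumed lifetime of a saved record


def save_inputs(user_id, inputs, now=None):
    """Save the screen inputs server-side and return the guid to put in the URL."""
    now = time.time() if now is None else now
    guid = str(uuid.uuid4())  # random (version 4) guid, not derived from the data
    _STORE[guid] = {
        "user_id": user_id,          # who is allowed to redeem this guid
        "inputs": dict(inputs),      # e.g. {"LeadId": ...}; never leaves the server
        "expires": now + TTL_SECONDS,
    }
    return guid


def load_inputs(user_id, guid, now=None):
    """Called when the destination screen loads; returns the inputs or None."""
    now = time.time() if now is None else now
    try:
        key = str(uuid.UUID(guid))   # reject anything that is not a guid
    except (ValueError, AttributeError, TypeError):
        return None
    record = _STORE.get(key)
    if record is None:               # unknown or edited guid
        return None
    if now > record["expires"]:      # stale link: drop the record
        del _STORE[key]
        return None
    if record["user_id"] != user_id: # a copied link used by another user
        return None
    return dict(record["inputs"])


if __name__ == "__main__":
    # Constructed sample values.
    g = save_inputs("alice", {"LeadId": 1042})
    print(g, load_inputs("alice", g), load_inputs("bob", g))
```

Because the URL carries only a random reference, changing it yields a lookup miss rather than a different record, and the user check stops a copied link from working for someone else.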

Michael Chu

Marcelo and Eric,

I downloaded the CryptoAPI and I am not really sure what to supply for the input parameters of the RSA Encrypt and Decrypt.

Based on my screenshot above, one of the input parameters is LeadId. Now, in which of the two RSA_Encrypt parameters (PublicKey input parameter and Plaintext input parameter) should I put the LeadId, and what should I supply for the other RSA_Encrypt input parameter?




J.
 
MVP

Hi,


You can approach this in a couple of ways. The one proposed makes it not easy for the developer(s) to debug.

If you take a look at https://www.outsystems.com/forge/component/632/urlencryption/ it might suit your need better. It encrypts the URL, only on IIS level, which means the end-user only sees it encrypted, while the debugger works as is.

Furthermore, you do it per module/eSpace, I believe, and not per screen, so that makes life easier too.




Marcelo Ferreira

Hi Michael,

You should use AES_Decrypt and AES_Encrypt with a key set by yourself to start. Or, for more advanced use, you can use the actions of the component to create keys.

You can also try J.'s suggestion. I will try it for sure.

Regards,

Marcelo

Marcelo Ferreira

Hi J.,

Are you sure this component works? I was trying it on my personal environment (version 10) and it doesn't work. Besides that, I read the support of the component and it looks like it doesn't work since version 9. Were you able to make it work?

Regards,

Marcelo

J.
 
MVP

We have it running on premise, so not sure if it works in personal environments.

I have no clue if we changed some stuff to get it to work. Will ask around.



Michael Chu

Marcelo and J,

I will consider both options. At this point in time I was just asking around if there is a way, because I notice that the URL can be tampered with by the user by just changing the input parameter on the screen.

Going back to the Crypto API, I am using version 10 (on premise) right now and planning to upgrade to 11 sometime in the future, and this is the first time I will implement this, if ever.


When you say use AES Encryption and 'Set the Key yourself' how do I do that?

There are 2 parameters in AES Encryption.

1. Cyperkey

2. PrivateText




Miguel Sousa

Hi Michael,


You can also change the Method of the "Link / Button" to Submit. This will execute a "Post" as the request method and will send the data in the body of the request. Data is also encrypted since the OutSystems ViewState is encrypted.


The most secure way is using the Session but, of course, you will have to manage the session size.


Kind regards,

Miguel Sousa


Michael Chu

Miguel,

I used the Submit (to hide the input parameter in the WEBSCREEN) before I changed it to Navigate. Not really sure, or is it just in my head, that I find the Submit method a bit slower to get to another WEBSCREEN?

best regards,

Mike


Marcelo Ferreira

Hi Michael,

AES_Encrypt has these 2 inputs:

  • Plaintext - the text you want to input
  • Key - how a cipher works is you need a key that will be used to encrypt/decrypt the text. The key is any string you decide to use as key. You can read about it here: https://en.wikipedia.org/wiki/Key_(cryptography)

and as output you will get Ciphertext.

@Miguel Submit is not a secure option. I will be able to see the input anyway on browser tools. Besides, you run the preparation again of the screen you are in (bad for performance).

Regards,

Marcelo


Stanislav Ploschansky

Hi!

Is URLEncryption working at all in OS 10? I installed it but still can't get any result from it.
If the eSpace is marked as IsEncryptionActive, should the Destination action automatically generate a proper URL?
If not, where should it have an effect?


Tom Zhao

When I took a certification exam, there was a question just like this: What is the simplest way to hide a screen input parameter to prevent the user from changing the parameter value to show data that they should not see?

I don't remember the answer options clearly, but something like below.

A, Change to post

B, Enable SSL/TLS

C, Check whether a user is logged in on prepare.

D, Add an encrypted parameter and check on prepare.


Which one is correct?


Regards
