Encrypting URL Parameters

Hi,

I have  a URL which has around 5 input parameters. Now I want to encrypt the parameters in such a way that the whole URL should not be more than 256 characters. I was using MD5 hash algorithm to generate encrypted string but it encrypts each string having 32 characters after encryption. I learnt that AES algorithm can generate comparatively shorter encrypted string but how to achieve it on outsystems. Crypto AES exists but it's not supported on Outsystems 10. 

Any suggestion? 

Hi Shaskankit,

Did you already have a look at the Crypto API? (https://www.outsystems.com/forge/component/437/cryptoapi/)

Kind regards,
Martijn Habraken

Hi,


Using session variables is not a good solution for you? In that way you can protect sensible data.


Regards,

Ricardo

Shashankit Thakur wrote:

Hi,

I have  a URL which has around 5 input parameters. Now I want to encrypt the parameters in such a way that the whole URL should not be more than 256 characters. I was using MD5 hash algorithm to generate encrypted string but it encrypts each string having 32 characters after encryption. I learnt that AES algorithm can generate comparatively shorter encrypted string but how to achieve it on outsystems. Crypto AES exists but it's not supported on Outsystems 10. 

Any suggestion? 

MD5 (or SHA1/2 for that matter) is not encryption but actually a hashing algorithm, which means that you can not get the information back from the hash itself, and that's why they work with fixed sizes. Encryption will not guarantee a max size of the encrypted content.

Having said that, if your problem is size, perhaps using compression (gzip) would be a better start. If you have a WAF which is inspecting the size of your URLs, using POST instead of GET will perhaps help you minimize the impact. SEO rule mappings can also be helpful.


Shashankit Thakur wrote:

Hi,

I have  a URL which has around 5 input parameters. Now I want to encrypt the parameters in such a way that the whole URL should not be more than 256 characters. I was using MD5 hash algorithm to generate encrypted string but it encrypts each string having 32 characters after encryption. I learnt that AES algorithm can generate comparatively shorter encrypted string but how to achieve it on outsystems. Crypto AES exists but it's not supported on Outsystems 10. 

Any suggestion? 

Hi Shashankit,

Here you are saying that URL is limited upto 256 characters, but url have more 256 allowed, i am not sure about the max length, and why do you want to limit the URL chars.

And dont pass any sensitive info in URLs, reorganize your logic to make minimal info in URL parameters, if you explain your business case will be easy to us to help you more.


Thanks,

Balu