Has anyone seen anything out there that 'validates' a query string - i.e. ensures that the user hasn't altered the contents of the QueryString - for example on this page:
http://www.xtremedotnettalk.com/newthread.php?do=newthread&f=62
I could change the f=62 to f=54 to enter a new thread on the Windows forum.
Now let me say before anyone tries to correct me, that I know there are other ways around the situation - I've just found a caveat in those other ways that can be worked around, but implementing my idea would be easier - IMO; it's clever, but clever isn't always good.
I'm just trying to find out if someone has already done this and I'm wasting my time....what if I digitally signed the query string? In otherwords use a keyed hash algorithm, passing that hash value in the query string to make sure the other values in the query string weren't tampered with? I've already designed it out and I think it will be pretty cool, but as any good coder knows, just because it's cool doesn't mean it's useful.
Would other people find this valuable if no one else has ever done it?
http://www.xtremedotnettalk.com/newthread.php?do=newthread&f=62
I could change the f=62 to f=54 to enter a new thread on the Windows forum.
Now let me say before anyone tries to correct me, that I know there are other ways around the situation - I've just found a caveat in those other ways that can be worked around, but implementing my idea would be easier - IMO; it's clever, but clever isn't always good.
I'm just trying to find out if someone has already done this and I'm wasting my time....what if I digitally signed the query string? In otherwords use a keyed hash algorithm, passing that hash value in the query string to make sure the other values in the query string weren't tampered with? I've already designed it out and I think it will be pretty cool, but as any good coder knows, just because it's cool doesn't mean it's useful.
Would other people find this valuable if no one else has ever done it?