Jump to content
Xtreme .Net Talk

Recommended Posts

Posted

Has anyone seen anything out there that 'validates' a query string - i.e. ensures that the user hasn't altered the contents of the QueryString - for example on this page:

 

http://www.xtremedotnettalk.com/newthread.php?do=newthread&f=62

 

I could change the f=62 to f=54 to enter a new thread on the Windows forum.

 

Now let me say before anyone tries to correct me, that I know there are other ways around the situation - I've just found a caveat in those other ways that can be worked around, but implementing my idea would be easier - IMO; it's clever, but clever isn't always good.

 

I'm just trying to find out if someone has already done this and I'm wasting my time....what if I digitally signed the query string? In otherwords use a keyed hash algorithm, passing that hash value in the query string to make sure the other values in the query string weren't tampered with? I've already designed it out and I think it will be pretty cool, but as any good coder knows, just because it's cool doesn't mean it's useful. :)

 

Would other people find this valuable if no one else has ever done it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...