Sunday, 15 March 2015

asp.net - Get details of object from database - keep ID secure -


I have a list of books from the database. When a user selects the book, I want to get the information for that book and display it on the screen. However, I would like to keep a hidden book ID from the customer-side, so what would be the best way to move the ID of the book selected? I think my brain has melted, so I'm probably looking somewhat clear. Sessions do not seem to be the only way to transfer information, but I'm not sure how to implement any system, where an item is selected (whatever the control type is most appropriate), and the item's ID to someone The server is retrieved and recovered related information. (ASP.NET + Using SQL Server) Thanks for any advice

Do you really want to Want to hide the database ID, as in a scenario where the user has some alternative uses for the database and you want him to find the book in a difficult way?

Usually the requirement is not to keep a secret, but to prevent users from recognizing IDs (for example to apply one of the few funnels to navigating an item) Or for sharing an ID with other users, for example, a URL is correct for http://example.com/books/0867316672289 , where 0867316672289 is the same visitor to same Will present the book, but the value of the user Sapas can not hit, so 0867316672288 or 0867316672290 404 rupees will land it may be necessary that another a 404 to registered users 0867316672289.

The id really adds a very low value to the scheme described above by keeping 'secret' (i.e. storing it in session and keeping track of session status 'current book') and only makes things complicated

A solution is to encrypt the ID using a site secret key. You get a 16-bytes encrypted block (like AES block size is used) by an int ID, which can be returned to the original ID later on the incoming site. Due to the huge size of the solution space (16 bytes), visitors can not guess other IDs. If you want to make pseudor-aids sticky for a user, then you can make the encryption key user unique (such as received by the user ID) or add additional information in the proxy ID (for example also encrypt the user id and check This in your request handler).


No comments:

Post a Comment