October 16, 2012
Question

How to decrypt a URL

  • October 16, 2012
  • 3 replies
  • 2577 views

I encrypted a URL that I would like to pass to another page, but can't seem to get it to decrypt. This is the first time I am using this technique, so I might not be doing it right. Just been reading a lot of the examples on the web and can't get it to work for me.

== Encrypted ==

<h3>URLEncodedFormat Example</h3>

<cfscript>

  theKey=generateSecretKey("AES");

  encrypted=encrypt(#qEdit.PersonID#, theKey, "AES", "HEX");

</cfscript>

<cfoutput>

  <a href="##" onclick="MM_openBrWindow('test2.cfm?Picture=#encrypted#','','resizable=yes,width=500,height=500')">Test Encode</a>

</cfoutput>

The encryption works fine in the URL, but now I'm not sure how to decrypt it on my other page.


    3 replies

    BKBK
    Community Expert
    October 19, 2012

    I agree with 12Robots that you should never send your key by URL. That is equivalent to publishing it, and therefore defeats the whole purpose of the encryption. 

    There are 2 choices. Store the key as a client variable or as a session variable. I prefer session, because it involves just memory. (It's difficult to guess what someone's thinking!)

    As 12Robots has said, the usual place to define session variables is in onSessionStart. Here, ColdFusion sets one value in memory for the entire user session. However, I think the requirements of the original post are not that simple.

    You will have to store the PersonID and encrypted string in session scope, as you will need these values for validation later. Also, the URL has a dynamic part, namely, Picture=#encrypted#. This tells me there may be 2 or more Picture values per session. If so, then these session variables should be defined on the page itself, for example

    <cfscript>

      session.theKey=generateSecretKey("AES");

      session.personID=qEdit.PersonID;

      session.encrypted=encrypt(session.personID, session.theKey, "AES", "HEX");

    </cfscript>

    <cfoutput>

      <a href="##" onclick="MM_openBrWindow('test2.cfm?Picture=#session.encrypted#','','resizable=yes,width=500,height=500')">Test Encode</a>

    </cfoutput>

    This defines a new key each time the current page is opened. I would then expect the validation on test2.cfm to jog like this

    <!--- Ignored URLEncodedFormat and URLDecode, to keep story simple.  --->

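    <!--- Decrypt the value received in the URL and compare it with the PersonID stored in the session. --->

    <cfif isDefined("URL.Picture") AND decrypt(URL.Picture, session.theKey, "AES", "Hex") IS session.personID>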

    success

    <cfelse>

    failure

    </cfif>

    WolfShade
    Legend
    October 18, 2012

    You'll need to either save "theKey" to a session variable or pass it along in the URL.

    If session variable:

    decrypted = decrypt(url.Picture,session.varName,algorithm,enc);

    If URL param:

    decrypted = decrypt(url.Picture,url.varName,algorithm,enc);

    ^_^

    12Robots
    Participating Frequently
    October 19, 2012

    If you are doing this for security then "or pass it along in the URL" is terrible advice, please don't follow it. Sorry WolfShade.

    Create the key onSessionStart() and store it in the session scope, then you can reuse it throughout the site as needed.

    Jason

    Inspiring
    October 17, 2012
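
The approach the replies converge on (key created in onSessionStart, kept in session scope, never sent in the URL), put together as an added example that is not code from any poster in this thread. The application name and the assumption that PersonID is numeric are assumptions; `qEdit` is the query from the original question.

```cfml
<!--- Application.cfc (added example; the application name is an assumption) --->
<cfcomponent>
  <cfset this.name = "urlCryptDemo">
  <cfset this.sessionManagement = true>

  <cffunction name="onSessionStart" returntype="void">
    <!--- One AES key per session, held server-side only --->
    <cfset session.theKey = generateSecretKey("AES")>
  </cffunction>
</cfcomponent>

<!--- Linking page: encrypt the ID with the session key; only ciphertext goes in the URL --->
<cfset encrypted = encrypt(qEdit.PersonID, session.theKey, "AES", "HEX")>
<cfoutput>
  <a href="test2.cfm?Picture=#urlEncodedFormat(encrypted)#">Test Encode</a>
</cfoutput>

<!--- test2.cfm: decrypt with the same session key; any failure means an invalid link --->
<cfset personID = "">
<cfif structKeyExists(url, "Picture") AND structKeyExists(session, "theKey")>
  <cftry>
    <cfset personID = decrypt(url.Picture, session.theKey, "AES", "HEX")>
    <cfcatch type="any">
      <!--- Malformed, altered, or other-session values usually make decrypt() throw --->
      <cfset personID = "">
    </cfcatch>
  </cftry>
</cfif>

<!--- Assumption: PersonID is numeric. This also rejects garbage that decrypted without an error. --->
<cfif isNumeric(personID)>
  <cfoutput>Valid link for person #encodeForHTML(personID)#</cfoutput>
<cfelse>
  Invalid or expired link
</cfif>
```

The encryption only hides the ID from the user; test2.cfm still has to check that the current user is allowed to view that person.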