Scramble Information in the QueryString

[Jeremy S]

What are some options for scrambling information in the QueryString.

Consider this URL for example:
SomePage.aspx?userid=15

I don't care if there is something in the querystring - I'd just prefer that
it's not obvious that a variable named [userid] is getting passed, and that
it has a value of 15.

 

[Brock Allen]

You can use DPAPI to encrypt it when you issue the QS and then decrypt it
when it's sent back in. Dom has some wrappers for DPAPI:

http://www.leastprivilege.com/PermaLink.aspx?guid=ebd9956e-a36c-4b57-8d58-6ff79a60e43f

-Brock
DevelopMentor
http://staff.develop.com/ballen

 

[Arjen]

You can also use uniqueidentifier as fieldtype instead of int32.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_na-nop_4pt0.asp

Arjen

 

[bradley]

Even if you do scramble (encrypt) the URL, it could still be modified in a
harmful way by the user either deliberately or accidentally. Perhaps you
could maintain the actual UserID in session state rather than passing it
around in the querystring. Also, there are methods to include a checksum
value in the query string.