4 Replies Latest reply: May 4, 2012 7:43 AM by EJP RSS

    Encrypt data

    934868
      I would like to encrypt some ids on my web page in hidden fields with sessionId as private key. So that they appear different everytime.

      Please help with with the type of encryption that i should use to complete my task.
        • 1. Re: Encrypt data
          aksarben
          Why in the world would you want to encrypt them in the first place? What problem are you trying to solve?

          As far as which encryption method to use, it depends on what you want to do with the ID's. Who would decrypt them? The browser certainly won't. So what's the point of encrypting them? How "secure" do they need to be?
          • 2. Re: Encrypt data
            934868
            well these ids would be available to everyone so don't want others to modify them because they would cause problems in CRUD operations on the server. So i would like encrypt while printing out data and decrypt while reading. Since i don't don't know much about encryption i thought why not ask.

            I would want that user is not able to decrypt the ids in the hidden form fields because these are the questions ids for an online exam.

            Certainly i would want them to be encrypted with some unique key for every user which i thought i can make use of session id.
            • 3. Re: Encrypt data
              TPD-Opitz
              yum_hai_hum wrote:
              I would want that user is not able to decrypt the ids in the hidden form fields because these are the questions ids for an online exam.
              What do you think is the hazard in knowing the ID's of the Questions?
              I think the critical information is the ID of the correct answer. But hopefully you have no hint in the page which answer is the right one...

              bye
              TPD
              • 4. Re: Encrypt data
                EJP
                I would like to encrypt some ids on my web page in hidden fields with sessionId as private key. So that they appear different everytime.
                Encryption is done with a public key, not a private key, and the sessionID is known to the client, so he can decrypt them, so the solution isn't secure.

                What exactly are you trying to accomplish?