Redirect with querystring
-
Hi, I have two sites and I want to log in from one to the other. I have simply used Response.Redirect("http://www.site1.com?username=abc&password=123"). I have encrypted username and password for security. I want only to confirm is this approach good or not? Thanks
-
Dot-Net-Dev wrote:
I want only to confirm is this approach good or not?
No, not at all!
Dot-Net-Dev wrote:
I have encrypted username and password for security.
Username/password or any sensitive information should never be passed in querystring even if encrypted!
-
Yes, @Sandeep Mewara is right. There are many ways to decrypt your encryption. Never use sensitive data in a querystring.
-
Then what to use?
-
Set an authentication cookie. There's more than a few examples out there but here's a starting point for what I think you want: http://msdn.microsoft.com/en-us/library/9wff0kyh.aspx Never ever use querystrings for this sort of thing. You're exposing an entry point, encrypted or no, for someone savvy enough to mess with.
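The cookie approach suggested in the last reply, as an added example that is not code from the thread or from the linked MSDN page: an ASP.NET Web Forms login page that accepts credentials in the POST body only, issues a forms-authentication cookie, and redirects with nothing sensitive in the URL. The page class name, the form field names, the redirect target and the use of the Membership provider are assumptions, and it covers sign-in on one site only.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a hypothetical Login.aspx page.
public partial class Login : Page
{
    // Assumption: users are stored in the configured Membership provider.
    // Replace with the site's own credential check if it uses another store.
    private static bool CredentialsAreValid(string userName, string password)
    {
        return Membership.ValidateUser(userName, password);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // Credentials are read from the POST body, never from Request.QueryString.
        if (Request.HttpMethod != "POST") return;

        string userName = Request.Form["username"];   // assumed field name
        string password = Request.Form["password"];   // assumed field name
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)
            || !CredentialsAreValid(userName, password))
        {
            Response.StatusCode = 401;
            return;
        }

        // The ticket carries the user's identity and an expiry, not the password.
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(20),
            false, string.Empty, FormsAuthentication.FormsCookiePath);

        // FormsAuthentication.Encrypt protects the ticket with the machine key.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,   // not readable from page script
            Secure = true,     // sent over HTTPS only
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);

        // The redirect URL carries no user name, password or token.
        Response.Redirect("~/Default.aspx");   // assumed landing page
    }
}
```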