Real Software Forums

How do you do when you have software to interact, or save data, on the web?

index.asp?ID=123&age=23&firstname=Bernie

What about security!?

Depending on what kind of data it is, security may be important.

So... No reply from the crowd! I answer myself. In the shower and while shaving good ideas comes as a flash from the clear blue sky!

I think it can be possible to do with sessions.

For example, when opening the software a connection to the remote server can be initialized and the session ID from the web server is sent to the client. Then, when editing data, the session ID is included in the string.

index.asp?sessionID=123&firstname=Adam&lastname=Maniac&userID=23

You will just need to "hide" the session ID little in the code... Maybe write it as serialKeyNr, for example. But that's just a designers hidden secret.

It will still be possible to "break" or to fake the software, but it will need some serious thinking and is not done so easily.
It's not super perfect, but at least, it's way better than nothing!!

After all, this software is not super secret and in the interest of the nation...!!

Why would your second version be more secure than your first?
Your 'designer secret' could be discovered within minutes with a decent packet sniffer. You shouldn't send 'private' data this way. If it's private, you need some sort of authentication, nothing else.

I'd say you should encrypt the data with AES-256 or similar a decryption key that only the receiver knows.
DON'T send the key to the receiver, it has to be there from the beginning otherwise it too can be snatched and used for decryption by a filthy hacker