• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

having issues replacing cfusion_encrypt with encrypt()

Participant ,
Jul 17, 2014 Jul 17, 2014

Copy link to clipboard

Copied

we have a series of applications that use cfusion_encrypt() to encrypt query strings passed between and with in  applications.  We are currently running CF10 and are not experiencing any problems.  We are looking at upgrading to CF11 and are now experiencing a plethora of errors related to encrypt/decrypt.

the issue i am currently working on is related to encrypt a url.  no matter how I code the key,algorythm, or encoding, The encrypted portion of the url shows up as part of the link.

example:

<cfset theURL ="method=c.login&pid=validateLoginObj&vid=0&datasource=foo">

<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?encrypt(theURL, '123','CFMX_COMPAT','UU')">

<a class="nav_link" href="#encryptedUURL#">Inventory</a>

when the page is displayed, the user sees:

"WL.5KP1EY"3\'?=KH1* target="blank"> Inventory " as the link

(yes I shortened the encrypted string for demo purposes)

this sort of thing is through out 8 major applications

any suggestions on how to prevent this?

Message was edited by: john birdsell

Views

1.1K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Engaged , Jul 17, 2014 Jul 17, 2014

Use HEX encoding so you only get alpha numeric characters in the encrypt result.  Also, you realize that the CFXM_COMPAT is a  weak encryption right?

<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?#encrypt(theURL, '123','CFMX_COMPAT','HEX')#">


Votes

Translate

Translate
Engaged ,
Jul 17, 2014 Jul 17, 2014

Copy link to clipboard

Copied

Use HEX encoding so you only get alpha numeric characters in the encrypt result.  Also, you realize that the CFXM_COMPAT is a  weak encryption right?

<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?#encrypt(theURL, '123','CFMX_COMPAT','HEX')#">


Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Jul 17, 2014 Jul 17, 2014

Copy link to clipboard

Copied

As @fergusondj correctly shows, your URL is incorrect because you encrypt all of it, so the http://localhost  part is not even working and the URL cannot even resolve. You need to tag on the encrypted part to the unencrypted URL prefix, otherwise the link won't work at all. That is the crux of the problem, so this is what the code should really look like:

<cfset theURL ="method=c.login&pid=validateLoginObj&vid=0&datasource=foo">

<cfset encryptedUURL = encrypt(theURL, '123', 'CFMX_COMPAT', 'UU')>

<a class="nav_link" href="http://localhost/1/2/inventory/index.cfm?<cfoutput>#URLEncodedFormat(encryptedUURL)#</cfoutput>">Inventory</a>

To ensure that the URL has all valid characters you can use URLEncodedFormat(). You can URLDecode() the other way around when you process the link.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Jul 18, 2014 Jul 18, 2014

Copy link to clipboard

Copied

It doesn't look to me like he's trying to encrypt the full URL including the domain:

<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?encrypt(theURL, '123','CFMX_COMPAT','UU')">

I think the code in the question is just missing the # # around the encrypted part, probably due to how it's been put into the question rather than the actual code being used:

<cfset encryptedUURL ="http://localhost/1/2/inventory/index.cfm?#encrypt(theURL, '123','CFMX_COMPAT','UU')#">

I think Ferguson's answer is probably more on the money.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Jul 18, 2014 Jul 18, 2014

Copy link to clipboard

Copied

Ah yes, I stand corrected. Definitely missing #'s there too as you say.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jul 18, 2014 Jul 18, 2014

Copy link to clipboard

Copied

LATEST

Well it turns out that using 'UU' was causing my issue.  I switched the encoding to HEX and the link displays correctly.

thank you

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation