Hey all, I don't want to show the dynamic ID value in the URL
string, so I am doing an encrypt() on the page with the link, and a
decrypt() on the page showing the details.
I have this working; I only need help detecting if the user
manipulated the URL string
APPLICATION.CFM <cfset VARIABLES.algorithm = "AES">
<cfset VARIABLES.encoding = "hex">
<cfset VARIABLES.key =
<cfset REQUEST.phrase = "454d5a4daSAASSDASD==_+Test">
I outputted VARIABLES.key to get the value which I hardcode for
REQUEST.phrase. I then pass REQUEST.phrase in place of the "key"
attribute in encrypt/decrypt. I am doing it this way because of an
issue noted here:http://forums.hostmysite.com/about4161.html
The exception is being thrown because you're instructing the
server to decrypt a string that is not properly encrypted. Add a
try/catch around the decryption statement. If decryption fails,
then value of url.lid is not an encrypted string and you know it
has been tampered with.