I want to ask you how can I safely encode multiple GET variables from my URL and put them in one, then it send it to another page.
Thank you for your time!
If your intention is to increase security of the data being sent through URL then you should go for POST method instead of GET. Otherwise if you are bound to use GET then use some encryption(A way of encoding) standards e.g. MD5 on the data before you put them in the URL using GET method.
There are functionalities available on server side that can be used for the encryption.
Related
I have created a jmeter script for Outsystems applications ( by recording and as well as creating raw request) however when I try to pass _OSVSTATE value from login page to subsequent requests I am getting an base64 encoding errors. I tried sending the request with encoding and without encoding but the result is same. Could anyone please help me/ advise me of how to overcome this issue. Any help is highly appreciated.
Looking into View state in OutSystems Applications article I don't think you need to encode/decode the __OSVSTATE parameter, you just need to extract it from the previous response, save into a JMeter Variable and add the variable as the parameter for the next request.
You can extract the value using i.e. CSS Selector Extractor configured like:
Name of created variable: anything meaningful, i.e. OSVSTATE
CSS Selector Expression: input[__id=__OSVSTATE]
Attribute: value
That's it, now you have the parameter value in the ${OSVSTATE} JMeter Variable, feel free to use it where required.
This is my URL:
<a class="btn btn-success btn-sm btn-block" href="#Url.Action("myAction", "myController")?Id={{repeat.Id}}&HistoryId={{repeat.HistoryId}}" ng-cloak>View History</a>
I just want to know how do I encrypt the URL. Please help.
You can try two workarounds:
1) Usually encrypting the data instead of entire URL is more than enough, and less complicated. When constructing your angular method, you need to encrypt the ID before you even assign to the URL. This way the IDs will be encrypted and no one can see the actual ID. When the URL is being clicked, you need to decrypt the URL in the back-end before processing them.
2) If for whatever reason, you still need to encrypt the entire URL of the anchor, you can do it in $document.ready. Assign an ID for your hyperlink. Once DOM is loaded and document.ready is called, you need to use ajax and send the full URL of the anchor to back-end to perform encryption. Then in ajax success, append the encrypted URL to the anchor
$ajax.
...
success: function (data) {
$("#myHyperLink").attr("href", data.EncryptedURL)
}
But using this approach, you need to handle the clicking of that anchor separately, otherwise the browser can't redirect you to anywhere.
If possible, use the POST method instead
If you want to protect any bits of data then don't put them in the URL, use a POST request over HTTPS so that the body is encrypted. However, everything happens client side, so you need to be careful you don't expose any important values. Anyone can hit F12 and use the debugger at any point in the JavaScript code to see what happens and what values you have.
Always assume that nothing on the client side is safe. The best idea is to never expose important IDs directly. Imagine you have your data in a Sql table with these fields:
ID - int,
Name - varchar
If you expose the ID, people can simply issue requests to your api and change that id sequentially to hit data they are not supposed to.
Now, if you add an extra field to your table definition, let's call PublicID of type GUID and this is the one you expose in the URL then everything is good with the world again . On the server side you change your datalayer a little bit to take these new IDs, work out the real ID and then do whatever is needed. This way you protect your internal IDs, never expose them and you are always safe because no one can guess a GUID and they are not sequential.
Assuming you have a create method, on create you simply populate these new ID with a Guid.NewGuid() call.
I cannot emphasize this enough, nothing you expose on the client side is secure, whatever you do. Best idea, don't expose anything you don't want people to know about.
I'm using node.js and I need to pass an array of objects with res.redirect(),
I tried with querystring but it's not a good idea because the array with too big and I could get Error 414 Request URI too long.
using connect-flash isn't a good way either, it's more useful for passing messages.
And I don't want to use req.app.locals for that.
Hope you can help me with any idea.
Assuming the client here is a browser that you want to just automatically follow the redirect and then inherit some new state when the server generates the page for that newly redirected URL, then here are some options:
If you already have a session established for the user, then you can store the data in the session, then include a single query parameter that tells the route handler for the page you're redirecting to to look in the session to get the relevant data.
You could also create a temporary server-side cache of data. Generate a random key (likely a timestamp plus a random number). Store the data in a server-side Map using that key. Then put the key into a query string on the redirect. Then, in the route handler for the new, redirected page, it will see the query string parameter and it can grab that key out of the query string and access the data from the server-side Map serving as a temporary cache (and probably remove it from the cache too). This scheme works in a session-less environment.
You then need some scheme for cleaning up unused data from the cache so it doesn't accumulate. Probably what makes sense it to timestamp the data and then have a setInterval() timer that just removes things from the Map if their timestamp is older than xx minutes.
If the request is an Ajax call rather than a regular browser page request, then you don't need to use a redirect at all. You can just return the content that they would have gotten if they then followed your redirect. Then, you don't have to invent a temporary place to store the data. You can just use the data to generate the desired page and return it.
Store the data as session data and serve it back up to them when they land on the landing page.
Another way would be to have the client request the data asynchronously once the redirect has been performed.
I want to transfer a variable value without the need of cookies nor server interaction in JS, is ther any way possible ? for instance if i have foo.js and a variable fooVar = 10, and bar.js and barVar is there any way possible for barVar = fooVar without cookies?
Based on your comments, you could store the variable you want to access in the second page in the query string of the second page, or in the hash of the query string of the second page. Use that query string to load the second page.
e.g. in the query string:
http://example.com/bar.html?myvar=5
or e.g. in the hash of the query string:
http://example.com/bar.html#?myvar=5
Using the hash is likely to be the best option as your server will most likely ignore whatever you put in the hash (unless the server is programmed to do otherwise).
You can then use window.location.hash in the javascript loaded by bar.html to get the hash string and decode it to get your stored variable...
You can use HTML5 localStorage. The localStorage saves your data into the web browser. The difference with $_COOKIE is that data is accessible only via web browser with javascript and they are not sent in every HTTP request. Here is a link with examples.
You say that you want to carry the value of the variable from one page to the next page.
Why do you not use the url?
Add something like ?fooVar=10 to the url of the second page and then parse the url with the second script on the second page.
Here is a example how you can parse the url in the second script
how can i get query string values
I basically nees a redirect, but the my problem is the first url must be stored otherwise the other page will not display.
how do i get jquery or javascript to store the current (or specified) url, then once stored it must load a different (specified) url?
You can't simply store it in a variable, because when a new URL is loaded, the entire javascript context is new. You can store the current URL in a cookie, though.
If you're trying to pass the URL from one page to the next, the cookie approach will only work if the two pages are on the same domain.
If you have any kind of server-side component in your stack (e.g. PHP) it seems like a more sensible approach would be to store the URL server-side.
Edited to add: You requested sample code for the cookies. Reading and writing cookies in Javascript requires a certain amount of boilerplate code; there are example methods here or you can use a jQuery plugin.
Once you have a simple way to write and read your cookies, you can just do (this syntax uses the jquery plugin)
//assuming "newURL" hold the new url you want to load
$.cookie("currentURL",window.location.href);
window.location = newURL;
Then on the next page you can get the old URL:
var oldURL = $.cookie("currentURL");
To do this with a client side script like JavaScript/jQuery, you'll need AJAX. You send off a request to the server with the URL to store and you can get back the URL to redirect to, if desired. Once the response is received from the server, you redirect to the target URL.
However, note that this can't be done with just JavaScript/jQuery. You need a server-side script as well to handle the request to store the URL. Something like PHP, Perl, etc. You may also need a database or at least a flat text file to store the data.
You may want to consider a completely server-side approach. Use a script on the server to read and store the URL and then route the request to the proper destination. It will be a faster and more seamless experience for the user and less stuff for you to build and maintain.