
(ASP.NET MVC 4.5) Imagine you have a model for a bank or a company that has IDs that are sensitive information such as an account number or some other personally identifying information. What is the best way, or at the least what are some strategies, to route the edit/display actions without placing this information in the URL?

Obviously this would be bad:

https://goliath-natinal.com/Accounts/Edit/954321

if 954321 is your bank account number.

I imagine one way of doing this would be to add a GUID to each account that acts as a surrogate key. But I'm very curious to know if there are any possibilities for doing something if you cannot change the database at all.

Robert Kaucher
  • Usually you hide behind a ticketing system. – asawyer Feb 01 '13 at 18:45
  • http://stackoverflow.com/questions/323200/is-a-https-query-string-secure – MikeSmithDev Feb 01 '13 at 20:04
  • MikeSmithDev, I don't see the relationship at all. Using HTTPS does not hide the URL from anything. The URL is unencrypted in the HTTPS transaction, it must be or there would be no way to establish the session at all. All that answer does is restate the problem in my question. – Robert Kaucher Feb 01 '13 at 21:42
  • asawyer - What do you mean? – Robert Kaucher Feb 01 '13 at 21:42
  • I did find this. http://stackoverflow.com/questions/1282243/asp-net-mvc-protected-members-area-with-sensitive-data-in-urls – Robert Kaucher Feb 02 '13 at 16:03
  • @RobertKaucher What do you mean? Yes the query string is secure. Your risk is it being saved in the browser bar or server logs, or maybe JavaScript... but in HTTPS the entire request, including the URL, is secure. But yeah, doesn't mean it's a good idea. Like in your case. – MikeSmithDev Feb 04 '13 at 16:52
  • Sorry, I was confusing myself. My issue with that is the fact that the URL will be visible in the browser history and potentially in any server logs. – Robert Kaucher Feb 04 '13 at 18:04

1 Answer


Just throwing some ideas out here...

You could encrypt your identifier using Rijndael or some other type of encryption. You could salt and hash it based on other identifying fields related to the account. You could do that on the fly. You'd take a processing hit though.

If you're using a memcache or Azure caching you could create a map of accounts to GUIDs and let that just sit in the cache. If allowed, in the DB you could create a separate mapping table that maps the account to a new GUID.

Can you give more info on the full restrictions? I.e., is the table restricted from change, or the whole DB? Could you create a new DB?

Zoltan
  • This is just theory. I was working on an MVC project at work for internal customers and I thought, "How would I handle this if the ID referenced by the controller as an action parameter was some sort of PID?" – Robert Kaucher Feb 01 '13 at 21:45