Reputation: 20555
I am creating a Google Chrome extension which works and looks as if it was an extension of my website.
When you first open my extension you would have to log in. When you enter your username and password, an AJAX request is sent to my server. If the result of the username and password is true, I encrypt the password and store it in the extension.
Now here is where it gets tricky:
If the user goes to my website it should automatically log him/her in. I thought that I would in my extension make a check that if the website was mine it would redirect to a suburl and send the encrypted password / username, and my site would then auto log the user in.
An example of an encrypted password looks like this: ZNVwb7ukhJfhBmdbo4SkPMjG6U8a0GKQB+/mPhQtRVw=
Because of the / I would like to send it as a POST request.
Do you guys know how I would achieve this?
Upvotes: 2
Views: 421
Reputation: 310
I would suggest rather than trying to store an encrypted password and possibly succumbing to future security issues, you use a token instead. So the process would be:
To do this you need a session table on your remote server that can interpret the token in each request to find the user that is making the request. Best practice would dictate that eventually the token should become stale with inactivity, requiring a user to log in again. This timeout would generally be in the range of 1-24 hours.
Upvotes: 0
Reputation: 33538
Without commenting on the encryption you are using, it sounds like you want to avoid a GET request solely because the URL contains the / character?
You can send this via GET, you should simply URL encode the value.
URLs can only be sent over the Internet using the ASCII character-set.
Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format.
URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits. URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
So if you want to send a forward slash to be interpreted as a query string parameter instead of a path delimiter, you should encode it to %2F. It is better to use a standard library for this and pass the whole string in rather than rolling your own to only encode the slash.
Upvotes: 3
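The encoding advice in the answer above, worked through on the value from the question (an added example, not code from any of the posts). It shows that the / is not the only character at risk: an unencoded + is decoded as a space by query-string parsers, so the value arrives corrupted. The host, path and parameter names (example.com, /autologin, u, p) are assumptions for illustration.

```javascript
// Value copied from the question; everything else here is illustrative.
const VALUE = "ZNVwb7ukhJfhBmdbo4SkPMjG6U8a0GKQB+/mPhQtRVw=";
const BASE = "https://example.com/autologin"; // assumed endpoint

// Plain string concatenation with no encoding.
function buildNaiveUrl(user, value) {
  return BASE + "?u=" + user + "&p=" + value;
}

// Encode each component with the standard library, as the answer advises.
function buildEncodedUrl(user, value) {
  return BASE + "?u=" + encodeURIComponent(user) + "&p=" + encodeURIComponent(value);
}

// The same encoding applied to a POST body
// (Content-Type: application/x-www-form-urlencoded).
function buildPostBody(user, value) {
  return new URLSearchParams({ u: user, p: value }).toString();
}

// Decode parameter "p" the way a query/form parser on the server would.
function serverSees(urlOrBody) {
  const query = urlOrBody.includes("?") ? new URL(urlOrBody).search : urlOrBody;
  return new URLSearchParams(query).get("p");
}

// Compare what was sent with what arrives for each variant.
function demo() {
  const naive = serverSees(buildNaiveUrl("alice", VALUE));
  const encoded = serverSees(buildEncodedUrl("alice", VALUE));
  const posted = serverSees(buildPostBody("alice", VALUE));
  return {
    naiveIntact: naive === VALUE,     // false: "+" was decoded as a space
    encodedIntact: encoded === VALUE, // true
    postedIntact: posted === VALUE,   // true
  };
}

console.log(demo());
```

Sending the output of buildPostBody as the request body keeps the value out of the URL, which is the part of a request that browser history and server access logs typically record.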