Reputation: 15
How to securely store webhook url in c#
In a c# program I am creating, I am wanting to send the answers people give(the program is a quiz) to a webhook where they can be stored. How do I make it so that if someone opens up the program.cs they can't see what the web hook is? I use base64 in python for this.
Upvotes: 0
Views: 844
Answers (1)
Reputation: 2313
Well, to start, if you're using Base64 for encryption/obfuscation of some sort, you have a massive security flaw somewhere that requires some urgent attention... the only thing required to read a Base64 encoded string is to decode it.
Second, what you're looking for is what is generally referred to as "app secrets" or "environment variables"; these are values that are typically assigned/initialized at runtime. You should use an app setting of some sort.
But even still, because this is client-side, the URL would not be "obfuscated", if they're able to disassemble the program or application, they will be able to find the secret within the disassembled code.
You could use a non-secret/public URL that then forwards requests to the secret URL (this would be the most secure approach, as it is the only way the client would be unable to get access to the underlying URL without access to the server).
Ultimately, however, if an endpoint is so sensitive that you have to keep it secret, you probably should not be having clients send data directly to it.
Upvotes: 1
Related Questions
- How to achieve Base64 URL safe encoding in C#?
- ASP.NET Custom WebHook implementation
- How to encrypt the query parameters values in rest api url
- Using HttpClient to read encrypted URL on Windows Phone
- How should I encrypt data to send in URL
- Encrypting URL for WCF Service
- How to Encrypt a URL?
- Encrypt URL in asp.net
- Encryption of URL information
- Encrypting a string to a URL in C#