Reputation: 1
Encrypt URL Hash Parameters for communication between two domains
I have two domains that communicate by redirecting amongst each other and passing values using query and hash parameters.
request_domain-> on user action, creates a url of format
response_domain.com/?method=somemethod#params=b64encodedobject and navigates to it.
response_domain is a vue webapp that does some processing and redirects back to
request_domain.com/?method=somemethod#result=b64encodedresult
The request_domain treats the #result hash param as source of truth, but currently, anyone can generate a random object with the desired values, b64 encode it to a string and replace it in the url.
People reading #result is not an issue, It should not be changeable.
Is there a way to encrypt #result such that request_domain can validate that it was supplied by the response_domain and not altered?
I only have access to the response_domain, the request_domain will integrate a sdk that I will provide for the back and forth navigation flow.
Upvotes: 0
Views: 869
Answers (1)
Reputation: 299565
Any secure encryption scheme will do what you're describing. Since it sounds like both sides of the system are on servers you control (rather than in the client), that's straightforward. Create a random key and share it between the two servers, use AES-GCM to encrypt and decrypt the result, and base64-encode the encrypted data to transfer.
There are other secure encryption schemes, but AES-GCM is the easiest to use correctly for this kind of problem.
Upvotes: 2
Related Questions
- How can I encrypt and decrypt query my query parameters in a URL?
- How to encrypt URL request parameter values in java for use in an emailed link
- encrypt and encode URL parameters spring mvc
- Encrypt IDs in URL variables
- Encrypt PHP query string value in URL
- How to do encryption and decryption in query string value?
- Encrypting Parameters in URLs
- Encrypt querystring using HttpHandler
- Sending encrypted text in Url
- What's the best way to secure a query string with Java?