ReCrystallize Server provides an encryption capability for parameter values. Using encrypted values for parameters will prevent end users from determining the true value of the parameter, even if the encrypted value is visible as part of the web address. Enforcing parameter encryption helps prevent end users from changing the intended value because a non-encrypted value will not be accepted and the end user will be unable to provide a correct encrypted value.
Two encryption methods are available in ReCrystallize Server: AES and Triple DES. Either may be used to provide encrypted parameter values. To use AES, name the field using one of the following formats:
promptAES -parametername
Px-AES where x represents the number parameter number.
To use Triple DES, name the field using one of the following formats:
prompt3DES -parametername
Px-3DES where x represents the number parameter number.
For example, the non-encrypted “author” parameter in the URL below
ViewReport.aspx?reportName=library.rpt&author=Shakespeare
with AES encryption becomes
ViewReport.aspx?reportName=library.rpt&promptAES-author=3zDqgZAX%2bmLv6m0AFuxDcg%3d%3d
or
ViewReport.aspx?reportName=library.rpt&P1-AES-author=3zDqgZAX%2bmLv6m0AFuxDcg%3d%3d
where Author is the first parameter occurring in the library report.
The actual encrypted strings will vary depending on the encryption key, which may be customized in Settings.
To require encrypted parameters, change the Require Parameter Encryption setting to true. When Require Parameter Encryption is set to true, parameters must use the promptAES or promptDES format. Non-encrypted values using promptex will be ignored.
Three tools are available to assist with encrypting text values.
• An interactive web page that accepts a string and provides encrypted versions for both AES and Triple DES is available at
bc. ReCrystallizeServer/EncryptTool.aspx
• The page at
ReCrystallizeServer/EncryptFile.aspx
will accept a text file with one value string on each line. It will then return a file with the corresponding AES encrypted values, one string on each line of the file.
• A web service is available at
ReCrystallizeServer/EncryptService.asmx
The web service accepts two inputs, the text string to be encrypted and the encryption method, either AES or 3DES .
It returns the corresponding encrypted text string.
Post your comment on this topic.