The query string is a vital part of a website, used to pass data from one page to another. But it is also the most insecure way of passing data between pages, so securing the query string is very important in today's world.
You cannot avoid using query strings in a website, but there are several ways to secure the query string from prying eyes.
The best way is to limit the use of the query string. Limiting its usage avoids showing extra details to users. After limiting its use, try to encrypt the few query string values that remain in the URL. Encrypting them will help you lower the security vulnerability of the website.
Example of Securing Query String
While searching the web I found several articles and samples on encrypting query strings in ASP.NET and MVC. Below are a few of the articles on encrypting URL query strings that have good samples and details.
- Passing Tamper-Proof Query String Parameters.
- Encrypting Query Arguments.
- Query string encryption for ASP.NET.
- Encrypting Query Strings.
See this article for a few of the best practices you can follow while generating query strings in .NET web applications.