0 votes

Hi everyone,

One of my customer wants to encrypt the url of the guest pages.

For the moment it's something like this :


With this, the next key (propkey) can easily be guessed and the contact can potentially access all the records

The idea is to use a specific encryption, the url will only be something like this :

With this, I need to do a loadscript, runscript to go serverside, decrypt the id and pass client side the right parameters
But this means all the Runqueries, GetArguments,.. have to be delayed right?

Did anyone have already done something like this or do you have any advice?


Kind regards,

asked in Guest by (325 points)

1 Answer

+1 vote

Another simpler approach is to check server side whether or not the guest contact has access on that record identified by propkey. Throw an exception when access is forbidden. It will lead to the typical guest page error, but that's should not be an issue.

I prefer security serverside instead of obscurity

answered by (7.4k points)
1,249 questions
1,521 answers
328 users