URL Encoding/Encryption

  • 4 November 2014
  • 2 replies
  • 5 views

Badge +2

Hi all

 

How can we encrypt K2 form URL so that the users don't see the parameters passed in the form?

 

For E.g. - in the following URL my request ID 89 is exposed to the user. The user can change this request id and load somebody else request too.

 

http://hclt-pc2041-1:82/Runtime/Runtime/Form/PPE.PPERequest.Form/?&request id=89&_state=Edit

 

 

Kindly suggest the best way to encrypt this URL.


2 replies

Badge +9

Am I missing something here oe would SSL work?

Badge +8

I think URL obfuscation would be a better term for what the OP is trying to accomplish.  Encryption implies some degree of security that I don't think is intended.  Even if a given URL sends a user over SSL, the request ID is still obvious in the URL.

 

Couple of thoughts:

 

1. K2 does not support this out of the box.  Unless you are going to move away from SmartForms to a platform that provides a greater degree of control over the generated URLs (e.g. ASP.NET WebForms), you aren't going to be able to hide this.

 

2. Depending on your particular scenario, the rights on a process could block a user from viewing a request that isn't their's to begin with.  For example, you can set permissions so that people can only view the processes in which they participated.  However, permissions in K2 are exceptionally broad so you may not be able to accomplish your goal using just permissions.

Reply