3

I'm trying to encrypt query parameters in an Angular 5/6 project. We have some sensitive data in the URL which we might need to encrypt or hash so an outside user won't know.

Is there a way to do that, and is it worth doing? For example, would that be really safe, or maybe have a big impact on performance?

I've seen some routing configured as /edit/:id/:name, but I'm confused as to whether it's really safe to expose the ID or other parameters in the URL.

Benjamin W.
Drex
  • What do you mean "safe"? What specific problem are you trying to solve? – jonrsharpe Jun 04 '18 at 17:06
  • Well, sometimes instead of passing the id in the URL and then retrieving the object from the database by that id, I would try to pass a few properties of an object inside the URL, like /edit/:id/:name/:zip/:phoneNumber --> (/edit/12/tommy/45402/9292412314), so this could save some time when loading the page by avoiding a call to the remote backend API. However, I don't want to expose these query values to the user directly, so I would encrypt these parameters and pass them into the URL like (/edit/4a41/wlajsl/siea1ls7/asfeas), so the user doesn't know what exactly the URL contains – Drex Jun 04 '18 at 22:16
  • For example, if query string contains SSN, it might be better to be encrypted – Drex Jun 05 '18 at 00:40
  • Why are you passing that in the URL to start with? Use a separate ID to identify users and pass private data like phone number and SSN via *services* if you need to. Encrypting in the URL isn't going to work because the decryption code will also be public. – jonrsharpe Jun 05 '18 at 07:26
  • You mean the decryption of Angular code will be public? Hmm, that is true. I am passing that in the URL to improve performance, e.g., I have a pop-up that only contains id, name and SSN fields, so instead of getting those fields' data through a service via ID by going through the database, I just grab those from my grid data and try to pass them into the URL, then map them to my direction pop up model. – Drex Jun 05 '18 at 12:59
  • Services don't all have to go to the database to get data, you can pass data between components using them too. – jonrsharpe Jun 05 '18 at 13:12
  • Gotcha! You mean something like EventEmitter or Subject through Observable? – Drex Jun 05 '18 at 13:44

1 Answer

1

Like @jonrsharpe suggests, we can use an EventEmitter or a Subject through a service to pass data as an object between components, so there is no need to work on hashing query parameters in routing.

Drex
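The approach from the comments and the answer, sketched as an added example that is not part of the original post: the URL carries only the id, the record travels through a shared in-memory service, and the pop-up falls back to a lookup by id when the service is empty (after a reload or a pasted link). All names are hypothetical; the class stands in for an Angular `@Injectable()` singleton backed by an rxjs `BehaviorSubject`, and `fetchById` is assumed to be an authenticated backend call, made synchronous here for brevity.

```typescript
// Added example; every name is hypothetical. In Angular, SelectedPersonService
// would be an @Injectable() singleton and the holder an rxjs BehaviorSubject.
interface Person { id: number; name: string; ssn: string; }
type Listener = (p: Person | null) => void;

class SelectedPersonService {
  private current: Person | null = null;
  private listeners: Listener[] = [];

  // The grid component calls this before navigating to the pop-up route.
  select(p: Person): void {
    this.current = p;
    this.listeners.forEach(l => l(p));
  }

  // Replays the current value to a new subscriber, like BehaviorSubject.
  subscribe(l: Listener): () => void {
    this.listeners.push(l);
    l(this.current);
    return () => { this.listeners = this.listeners.filter(x => x !== l); };
  }

  // Hand out the cached record only if it matches the id in the route.
  forRoute(id: number): Person | null {
    return this.current !== null && this.current.id === id ? this.current : null;
  }
}

// Only the identifier is placed in the URL; name and SSN stay in memory.
function editUrl(p: Person): string {
  return `/edit/${encodeURIComponent(String(p.id))}`;
}

// Pop-up side: use the in-memory record, or fall back to a lookup by id
// (needed after a reload or a pasted link, when the service is empty).
function loadForEdit(svc: SelectedPersonService, url: string,
                     fetchById: (id: number) => Person): Person {
  const m = /^\/edit\/(\d+)$/.exec(url);
  if (m === null) throw new Error("unexpected route: " + url);
  const id = Number(m[1]);
  return svc.forRoute(id) ?? fetchById(id);
}

// Constructed sample record (not real data).
const sample: Person = { id: 12, name: "tommy", ssn: "000-00-0000" };
```

Because the id is still visible in the URL, the backend behind `fetchById` has to check that the caller is allowed to read that record.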