4

I'm trying to encrypt query parameters in an Angular 5/6 project. We have some sensitive data in the URL which we might need to encrypt or hash so an outside user won't know.

Is there a way to do that or worth doing? For example, would that be really safe, or maybe have a big impact on performance?

I've seen some routing configured as /edit/:id/:name, but I'm confused as to whether it's really safe to expose the ID or other parameters in the URL.

Improve this question
7
  • What do you mean "safe"? What specific problem are you trying to solve? Commented Jun 4, 2018 at 17:06
  • Well, sometimes instead of passing the id in the URL then retrieve the object from database by that id, I would try to pass a few properties of an object inside URL, like /edit/:id/:name/:zip/:phoneNumber -->(/edit/12/tommy/45402/9292412314), so this could save some time when loading the page to avoid calling via remote backend api. However, I don't want to expose these query value to the user directly so after encrypt these parameters and passing them into URL like (/edit/4a41/wlajsl/siea1ls7/asfeas) which user don't know what exactly contains in the url Commented Jun 4, 2018 at 22:16
  • For example, if query string contains SSN, it might be better to be encrypted Commented Jun 5, 2018 at 0:40
  • Why are you passing that in the URL to start with? Use a separate ID to identify users and pass private data like phone number and SSN via services if you need to. Encrypting in the URL isn't going to work because the decryption code will also be public. Commented Jun 5, 2018 at 7:26
  • You mean the decryption of Angular code will be public? Hmm, that is true, I am passing that in URL is for improving the performance, e.g, I have a pop-up only contains id, name and SSN field, so instead getting those fields data through a service via ID by going through database, I just grab those from my grid data and try to pass them into URL then mapping to my direction pop up model. Commented Jun 5, 2018 at 12:59

1 Answer 1

Reset to default
1

Like @jonrsharpe suggest, we can use eventEmiiter or subject through service to pass data as an object in between component so no need to work on hash query parameter in routing.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

But if I try to reload the same page, I will not work I think.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.