Enhanced URL Encryption for SR
- Enterprise IT
- Mayuresh Balaji Kamble (Unlicensed)
Currently, when selecting a user to create a service request, the user's ID is passed as a query string in the URL, even though it is encrypted. We aim to eliminate the exposure of this entire query string for security purposes.
The goal is to ensure the data remains secure. To achieve this, we are encrypting the entire query string URL.
There are dependencies on multiple pages, but our primary focus is on two pages: creating a service request and the 'My Service Request' page, where copying a request is an option to create a new request.
The parameters are extracted and their values from the query string, encrypted using a project-specific key and then redirected the encrypted query string to SR_LogServiceCatalog.aspx. To streamline functionality, we have introduced a single parameter, 'es.' This parameter allows us to ensure the proper functioning of all other parameters by checking it before each pre-initialization of parameters.
The changes are applied to the following pages:
SR_MyServiceRequestDetails.apsx.cs
SR_LogServiceCatalog.aspx.cs
SR_LogServiceTicket.aspx.cs
SR_ViewCartItems.aspx.cs
Confluence Cloud Migration Alert: Please refer to known issues you may encounter in Confluence Cloud: https://eitdocs.atlassian.net/wiki/x/wDGwAQ