How do I protect the url from a user changing one of the param/value pairs?
Thanks.
How do I protect the url from a user changing one of the param/value pairs?
Thanks.
You can't.
You need to validate them. You should make sure your page accepts only valid input for each of the parameters. "Valid" may mean many things, like "Does the user have access to view this" and so on.
You can't. It's by definition an external interface. If your system's security depends on this, you should re-think how it's done.
You could encrypt them or hash them and persist the real value cross request.
You can add an HMAC hash of the querystring using a secure random key stored only on the server, then verify the hash on every request.