Encrypt database primary keys
843811Sep 29 2005 — edited Oct 1 2005Hi all,
Currently i am coding a kind of private message system for my webapplication.
If the primary keys of the messages are send to the client in plain text, a user could in-/decrease the ids and could perhaps get access to messages of other users.
I thougth to encrypt the database ids with 3DES before i create the HTML code.
So if a user manipulates the id no object in database will be found.
1. I don't understand, that the decrypt method does not throw an exception when the encrypted string is wrong.
The result contains only some ? characters.
A program can not react on wrong encryption text.
2. The database id start from number 1.
What's the minimum plaintext for 3DES encryption.
Do i have to fill up with zeros to a special length?
thanx