I have made an encryption of "auth" using AES as follows:
<cfset skey = generateSecretKey("AES")>
<cfset regkey = encrypt("auth", skey, "AES", "hex")>
I attached the result, for example, to a URL
(auth is assigned regkey, i.e. ,,,,,,htm?auth=#regkey#)
This works perfectly under perfect conditions. However, if I go ahead and try to "hack" the code and make it shorter and change some characters like this:
http://www.mydomain.com/authorization.htm?auth=453424AEFE414DCA7392FDCC50AFE9D0312B2B2530A 985386B83
The Decrypt function:
<cfset theword=decrypt(url.auth, skey, "AES", "hex")>
just crashes! It throws an exception. Isn't it supposed to just return a bad string rather than crashing? This is pretty bad.
Is there a way to check URL.auth before passing it to Decrypt? Thanks in advance.
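
An added example, not part of the original post: one way to check url.auth before decrypting and to contain the exception when the value has been altered. The function name safeDecryptAuth is hypothetical, and skey is assumed to be the same stored key that produced regkey. The length check relies on AES ciphertext being a whole number of 16-byte blocks (32 hex characters each).

```cfml
<cffunction name="safeDecryptAuth" returntype="struct" output="false">
    <cfargument name="token" type="string" required="true">
    <cfargument name="key" type="string" required="true">

    <cfset var result = structNew()>
    <cfset result.ok = false>
    <cfset result.value = "">

    <!--- Reject anything that is not hex, or not a whole number of
          16-byte AES blocks (32 hex characters per block). This catches
          shortened values and stray characters before decrypt() runs. --->
    <cfif NOT reFind("^([0-9A-Fa-f]{32})+$", arguments.token)>
        <cfreturn result>
    </cfif>

    <!--- A well-formed but altered value can still fail inside decrypt()
          (typically on padding), so the call is wrapped as well. --->
    <cftry>
        <cfset result.value = decrypt(arguments.token, arguments.key, "AES", "hex")>
        <cfset result.ok = true>
        <cfcatch type="any">
            <!--- Treat every decrypt failure as "not authorized". --->
            <cfset result.ok = false>
        </cfcatch>
    </cftry>

    <cfreturn result>
</cffunction>

<!--- Usage on the receiving page (skey assumed to be loaded already). --->
<cfparam name="url.auth" default="">
<cfset check = safeDecryptAuth(url.auth, skey)>

<!--- decrypt() can also succeed on a modified value and return garbage,
      so compare the plaintext with the expected word (case-sensitive). --->
<cfif check.ok AND compare(check.value, "auth") EQ 0>
    <cfset authorized = true>
<cfelse>
    <cfset authorized = false>
</cfif>
```

AES used this way only hides the value; it does not detect modification by itself, which is why the plaintext comparison after decryption is the check that decides authorization.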