You need to sign in to do that
Don't have an account?
Encrypting parameters in the urls for web tabs and buttons
Is it possible to encrypt parameters in the url for a custom button or a tab?
For instance, we are using the following url for our web tab:
https://[our app page]?ServerURL={!API.Enterprise_Server_URL_230}&SessionID={!API.Session_ID}
http://wiki.developerforce.com/page/Requirements_Checklist -- this article says: "Session ID should always be encrypted in transmission". Has anybody encrypted these or any other parameters directly in the url?
What we think we can do is to create User custom field (encrypted session ID) and populate it every time user logs in. Then we could use it in the url. (We haven't tried yet though since we still hope that there's a more elegant solution for this problem.)
Encrypted in transmission suggests to me that it should always be over an SSL or TLS connection.
Thanks for your answer, but could you please explain in more detail?
When we click on the button we get a popup window with our own app and the query string of this page is:
https://[our app page]?SessionID=[session id]
So it is showing session id to the user and we don't think it's secure.
I don't think you have a choice about that. The session id is required by SFDC, and you can't tell it how to process that before using it.