Posted: 13 Mar 2019 8:49 EDT Last activity: 14 Aug 2019 14:14 EDT
Why do the URL parameters get encrypted in Pega 8? (?pzuiactionzzz=...)
We are upgrading a Pega application from version 7 to version 8.
For the sake of simplicity let's take this URL as it is available in all Pega installations (gets the Mashup script): http://[our domain]/prweb?pyActivity=pzIncludeMashupScripts
In Pega 7 the URL becomes: http://[our domain]/prweb/[ruleset stack hash]/!STANDARD?pyActivity=pzIncludeMashupScripts
That's fine, we still have the Activity name ("pzIncludeMashupScripts") in it and it can be parsed.
However in Pega 8 the URL becomes: http://[our domain]/prweb/[ruleset stack hash]/!STANDARD?pzuiactionzzz=CXtpbn1jaW1RV1hLOEoyeVdRaEtra05SQTdzOGFvbEVJRXMrdE1EMm9yaVhFZ2lBRXZ4TlFEVEdH%0AbmN5Sk1HNWVLV1NZ*
It seems that the pzuiactionzzz parameter contains some kind of hashed value of the previous parameters.
So according to the above articles I disabled URL encryption:
Pega-Engine • prconfig/initialization/urlencryption/default: false
Pega-Engine • prconfig/initialization/submitobfuscatedurl/default: optional
But still, the URL parameters get transformed into the ?pzuiactionzzz=... hashed form.
I even tried using the URL Mappings rule, but the "nice URL" was transformed to ?pzuiactionzzz=... as well.
My goal here is to understand what's going on and why it has changed in Pega 8.
So the question is not how to solve this particular problem, but rather to have a general understanding.
Could you please provide some documentation about what is behind this mechanism?
How does the URL encryption work, and is it really connected to that ?pzuiactionzzz=... parameter?
How is the hash calculated for ?pzuiactionzzz=...?
***Edited by Moderator Marissa to update platform capability tags****
After reading your post I guess you would like to enhance security, so I don't think this helps you, but that's what I could share. :-)
2> Even I got a link in PDN that may be related to my topic of encryption. Can you give your points if time permits? Currently my POC is on a Pega sandbox server and a Salesforce sandbox server; in future, once successful, it will be rolled over to production.
1> It was a URL generated by Pega. I simply concatenated "#myparam=1" to the URL string, e.g. url = url + "#myparam=1".
2> If I understand correctly, your process starts from Salesforce, which generates the link, e.g.: https://[site which contains the mashup]?accountID=xx. Up to this point, Pega is not involved at all. The URLEncryption Pega setting is only important when a URL is generated by Pega.