Is encrypting a query parameter within a URI a security best practice?
Assumption: a customer is sitting in a public area connected to a public wifi. A threat actor can access the customer's browser and read all JavaScript variables.
Step 1. The example.com server sends the following information to trustworthy.external.domain over https:

    redirectPath="https://www.example.com/public/endpoint"
    queryParam1="secret1"
    queryParam2="secret2"

Step 2. trustworthy.external.domain returns a URL back to example.com that looks something like:

    https://trustworthy.external.domain.session/{unique_session_id}

Step 3. The example.com client redirects the customer to the URL received in step 2. The customer now has a secure connection from their web browser to trustworthy.external.domain.session.

Step 4. A form starts rendering in the customer's web browser from trustworthy.external.domain.session. JavaScript code running in the customer's web browser grabs the redirectPath, queryParam1, and queryParam2 that were previously sent in step 1 and decrypts them into plaintext in the customer's web browser.

Step 5. The form completes loading and the customer fills out some sensitive information and clicks a submit button, which transmits this sensitive information to trustworthy.external.domain.session over https.

Step 6. The customer is redirected back to redirectPath along with query parameters queryParam1 and queryParam2 over https.

Step 7. example.com gets the redirectPath, queryParam1, and queryParam2 and does a final redirect to let the customer know the entire session was a success.
My concern is in step 4 above, where queryParam1 and queryParam2 are visible in plaintext in the customer's web browser when viewing the trustworthy.external.domain.session form. When I set breakpoints in the JavaScript debugger, I see these two variables are decrypted and visible in plaintext. If a bad actor manages to tamper with the plaintext query parameters before the customer moves on to step 5, then the customer could be redirected anywhere in step 6.
My idea: To prevent this from happening, my idea is to modify step 1 as follows:

    redirectPath="https://www.example.com/public/endpoint"
    queryParam1=encrypt("secret1")
    queryParam2=encrypt("secret2")

Then in step 7, example.com receives the encrypted query parameters, which can be decrypted by us. The decryption would fail if they were tampered with. If untampered, example.com can perform the redirect.
My question: Does my solution make sense and is it aligned with security best practices?