Encoding and encrypting URL arguments


Passing arguments in URLs is difficult: URLs are highly constrained by the HTTP standard to contain only specific characters, and many of those characters are heavily overloaded. It therefore makes more sense to encode all values as a single URL "payload" and pass this payload as part of the URL. This is what users normally see in a Sigma URL, i.e. a long string of hexadecimal digits rather than any path components.

Encoding the URL "payload" provides extra security by obscuring the actual pathname components of the system. It also makes it possible to pass any character regardless of its (possibly special) meaning. For example, Chinese characters can be passed as part of the URL without the need for special language support. Binary data (including compressed data) can also be passed using this method.
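
The payload idea described above, as an added example that is not Sigma's own code: arguments are serialized, compressed, and hex-encoded so that any character survives the URL, and the receiving side validates the payload before using it. The JSON serialization, the size limits, and the function names are assumptions; Sigma's proprietary cipher is not reproduced, so this shows the encoding step only.

```python
import json
import zlib

HEX_DIGITS = frozenset("0123456789abcdef")
MAX_HEX_LEN = 4096      # assumed cap on payload length accepted from a URL
MAX_PLAIN_LEN = 16384   # assumed cap on decompressed size


def encode_payload(args):
    """Serialize arguments as JSON, compress, and return lowercase hex."""
    raw = json.dumps(args, ensure_ascii=False).encode("utf-8")
    return zlib.compress(raw).hex()


def decode_payload(payload):
    """Validate and decode a hex payload taken from an untrusted URL."""
    if not payload or len(payload) > MAX_HEX_LEN or len(payload) % 2:
        raise ValueError("payload length rejected")
    if not set(payload) <= HEX_DIGITS:
        raise ValueError("payload contains non-hex characters")
    inflater = zlib.decompressobj()
    try:
        # Bound the output so a small payload cannot expand without limit.
        raw = inflater.decompress(bytes.fromhex(payload), MAX_PLAIN_LEN)
    except zlib.error as exc:
        raise ValueError("payload is not a valid compressed stream") from exc
    # Reject oversized output, truncated streams, and trailing bytes.
    if inflater.unconsumed_tail or inflater.unused_data or not inflater.eof:
        raise ValueError("payload truncated, oversized, or has trailing data")
    args = json.loads(raw.decode("utf-8"))
    if not isinstance(args, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in args.items()
    ):
        raise ValueError("payload must decode to a string-to-string mapping")
    return args


if __name__ == "__main__":
    # Constructed sample: Chinese text plus characters that are special in URLs.
    sample = {"page": "reports/报告", "q": "a&b=c?#/ %"}
    token = encode_payload(sample)
    print(token)                  # hexadecimal digits only
    print(decode_payload(token))  # round-trips to the original mapping
```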

The Sigma framework encodes the URL payload as a matter of course, rather than relying on the previous methods discussed. (The previous discussion about passing the URL payload is mainly useful to illustrate the operation of the web.exe program, and is usually not practical to actually implement.)

Sigma provides various tools to encrypt URL arguments, including the "system/sigcmd.exe" framework component, discussed in later sections. The user can easily encode any single line of data. The encoding uses a proprietary block-rotating, time-sensitive, non-repeating cipher, which is highly secure.

The programming techniques for using this encoding are straightforward. The program developer either passes a URL argument to a function call or executes the "system/sigcmd.exe" command-line utility to encode and encrypt the URL data before it is written to standard output.


 
