Mr_J Posted October 5, 2009

Hi all,

My boss wrote a VB2008 program which uses a .php prog, on the internet of course, to display the location on Google Maps of any given address or GPS value. IOW, you enter the address/GPS co-ordinates, click display map and we display the map of Google on OUR server.

The program is currently installed in a Government institute in South Africa. Can you imagine the server abuse we get.

Now, we want to encrypt the date to add a variable password linked to the current date. The catch is that VB needs to understand the PHP encryption.

Can anyone assist as I don't even know where to start. MD5?

Example: http://www.pharmacy.za.org/maps/map-adr.php

PS. This is where I live

Psycho Posted October 5, 2009

Well, MD5 is not encryption. It could work - assuming VB Script supports the MD5 algorithm. But, there are two potential problems with that:

1) MD5 cannot be undone. So, if you are planning to pass an MD5 value from one place to another and to be able to read the original value, that will not work.

2) If you are only using the value as a checksum (i.e. check the MD5 value passed to the MD5 of another known value) then it might work. But, if you are passing the value on the URL, others will see it. As long as they do not know it is the MD5 of a date you are fine, but if they were to figure it out they could generate MD5 values as they need them.

I'm not really clear on how you plan to use this. But, option #2 - if applicable - could work for you, just use a salt in the process. However, if you need a value that can be decrypted, then I would suggest creating your own process for encrypting/decrypting. If this was for protecting government or business secrets then I would suggest looking for a true encryption process that was cross-platform compatible. But, since this is about server abuse I think you could come up with some method that will sufficiently deter abuse.

Here's a simple example:

Date: 10-05-2009
Reverse each group of characters: 01-05-9002
Remove dashes: 01059002
Replace numbers with character equivalent: ABFAJAAC

You could then write the reverse process in a different language to get the original value. Now that is only a very simple example and in no way a method to secure data. But, I think it may be a sufficient deterrent for server abuse.

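Added example, not part of the original posts: a PHP sketch of the checksum approach from option #2 above, using HMAC-SHA256 with a shared secret in place of salted MD5. The secret value, the function names and the sample address are assumptions made for illustration.

```php
<?php
// Added example (not code from the thread). SHARED_SECRET is a placeholder:
// the same value has to be built into the client that generates the token.
const SHARED_SECRET = 'replace-with-a-long-random-secret';

// Token = HMAC-SHA256(secret, "<UTC date Y-m-d>\n<address>").
// Binding the address means a token copied from one URL does not work for another.
function make_token(string $address, string $date, string $secret = SHARED_SECRET): string
{
    return hash_hmac('sha256', $date . "\n" . $address, $secret);
}

// Server-side check: recompute the token and compare in constant time.
// Yesterday, today and tomorrow (UTC) are accepted so that clock skew or a
// request sent around midnight does not lock out a legitimate client.
function verify_token(string $address, string $token, ?int $now = null, string $secret = SHARED_SECRET): bool
{
    $now = $now ?? time();
    foreach ([-86400, 0, 86400] as $offset) {
        $date = gmdate('Y-m-d', $now + $offset);
        if (hash_equals(make_token($address, $date, $secret), $token)) {
            return true;
        }
    }
    return false;
}

// Constructed sample values, so the script runs offline from the command line.
$now  = gmmktime(12, 0, 0, 10, 5, 2009);            // 5 October 2009, 12:00 UTC
$addr = '1 Example Street, Pretoria';
$good = make_token($addr, '2009-10-05');
$old  = make_token($addr, '2009-10-01');

var_dump(verify_token($addr, $good, $now));          // token for today's date
var_dump(verify_token('2 Other Road', $good, $now)); // same token, different address
var_dump(verify_token($addr, $old, $now));           // token from four days earlier
```

The VB.NET client would compute the same value with System.Security.Cryptography.HMACSHA256 over the UTF-8 bytes of the date, a newline and the address, hex-encoded in lower case. As with the MD5 variant discussed above, anyone who recovers the secret from the client can generate valid tokens.
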
Mr_J (Author) Posted October 5, 2009

Yes, this is all about server abuse. I will try something like that. Thanks for your response...

Mr_J (Author) Posted October 5, 2009

Just another thought: What if I would use sessions and simply block a 2nd session from the given IP?

Psycho Posted October 5, 2009

I am not clear on exactly what abuse is occurring or how the VB Script and PHP come into play, so I have no idea. Someone could abuse the server using a single computer - and in most cases probably would. And, I doubt it would be a second session. It would most likely be the same session making many requests (again I am just speculating because the problem isn't well defined).

In that case you could implement something to limit the number of "requests" in a single session or impose a time limit before a subsequent request could be made. I know there are forums that don't allow you to post comments more than x number of seconds apart to prevent mass bot posting.

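Added example, not part of the original posts: one way to implement the per-session request limit and the minimum delay between requests described above. The limits, the `map_hits` session key and the function name are assumptions chosen for illustration.

```php
<?php
// Added example (not code from the thread). All three limits are assumed values.
const MAX_REQUESTS    = 3;   // map requests allowed per window
const WINDOW_SECONDS  = 60;  // length of the sliding window
const MIN_GAP_SECONDS = 5;   // minimum delay between two requests

// Decide whether this session may make another map request at time $now.
// $session is passed by reference so the page can hand in $_SESSION directly.
function allow_request(array &$session, int $now): bool
{
    // Keep only the timestamps that still fall inside the sliding window.
    $hits = array_values(array_filter(
        $session['map_hits'] ?? [],
        fn($t) => $t > $now - WINDOW_SECONDS
    ));

    $last    = $hits ? end($hits) : null;
    $tooSoon = $last !== null && ($now - $last) < MIN_GAP_SECONDS;
    $tooMany = count($hits) >= MAX_REQUESTS;

    if (!$tooSoon && !$tooMany) {
        $hits[] = $now;              // only accepted requests are counted
    }
    $session['map_hits'] = $hits;
    return !$tooSoon && !$tooMany;
}

// In the map page this would be used roughly as:
//   session_start();
//   if (!allow_request($_SESSION, time())) { http_response_code(429); exit; }

// Constructed request times (seconds after a start time), run against a
// plain array so the script works from the command line without a web server.
$session = [];
$start   = gmmktime(9, 0, 0, 10, 6, 2009);
foreach ([0, 2, 10, 20, 30, 75] as $offset) {
    $ok = allow_request($session, $start + $offset);
    printf("%2ds: %s\n", $offset, $ok ? 'allowed' : 'refused');
}
```

A client that discards its session cookie starts with an empty counter, so the same function can be fed an array keyed by IP address or login name where that matters.
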
Mr_J (Author) Posted October 6, 2009

> I am not clear on exactly what abuse is occurring or how the VB Script and PHP come into play, so I have no idea. Someone could abuse the server using a single computer - and in most cases probably would. And, I doubt it would be a second session. It would most likely be the same session making many requests (again I am just speculating because the problem isn't well defined).

Sorry for the poor definition of my question/problem.

We develop software. We have an app, InspectorView. This is a simple app to record/make appointments/comment on various tasks. This app is for Health Inspectors. When they have to inspect a premises/food store/chemist etc. they can type the physical address in a provided field and click "view map". Due to political reasons, there are big internal arguments in the organization. Then, they copy the address/open in a new window/tab so many times, resulting in a DOS. When the actual inspector needs the info, the server returns a DOS, putting us in the BAD spotlight: "THE PROGRAM DOES NOT WORK".

> In that case you could implement something to limit the number of "requests" in a single session or impose a time limit before a subsequent request could be made. I know there are forums that don't allow you to post comments more than x number of seconds apart to prevent mass bot posting.

I have slept over this issue and came to some conclusions:

1. Use a cookie to record the time of access of the user, then start a session to time the user online, switching off all right-click functions and toolbars etc. using JavaScript. After, say, the 3rd load, I redirect the user to a dummy page.
** This leaves me with another problem: I can only use the given info, i.e. session id/IP address/date & time etc., to identify the user. When there is an actual query, the real user, AKA inspector, can't access the info.

2. Make a log-in function for each request. Start the session and destroy it after the request(s). Logging the user data, I will be able to identify the bad apple.
** Problem: What if there is only 1 computer operator?
*** If the software will be used internationally, how many health inspectors are in, for example, America or UK?

This is why I wanted to use some function where I can encrypt the DATE in .NET and decrypt it in PHP.

I'm blown away...