sjjs1985
Posted August 23, 2011

Hi,

I want to send a URL to a user with their name in it:

index.php?user=tom

How can I encrypt this name so that I can track what they do, but if I was hacked nobody else could determine who the user was?

Thanks

MasterACE14
Posted August 23, 2011

You could do something like md5() the username. But why do you need to do this in the first place? I'm sure there's a better alternative.

WebStyles
Posted August 23, 2011

> how can I encrypt this name so that I can track what they do but if I was hacked nobody else could determine who the user was

I also don't really get the point. If you'll be encrypting simple English names, even though md5 hashes are one-way, it's actually pretty easy to crack them. A name like 'Tom' can be cracked in a few seconds simply by brute force and letter combinations. Also, most common English names already exist in most brute-force dictionaries.

sjjs1985 (Author)
Posted August 23, 2011

Sorry, that was a bad example. The username would be added to another string to make it harder to crack.

WebStyles
Posted August 23, 2011

> how can I encrypt this name so that I can track what they do but if I was hacked nobody else could determine who the user was?

Imagine you add another code (salt) to the name before generating the md5 hash... Then how do you track them? You'll either need to store the hash corresponding to each user in a database, or every time you need to find out who is who, you'll need to brute-force your own database to figure it out... This will consume quite a few resources (depending on how many users/traffic you have) so I guess you'll be storing the hash along with each username.

Now if you get hacked (like you say above) chances are your database will be compromised and the hacker will not only have access to the usernames, but also the corresponding hashes. Again, I don't see the point.

I'm assuming you have the usernames in a database, and that each user has a unique id... why not just use that? You can add a weird hash in the middle for misdirection or something, and even split the user's unique id in 2 just to make it a little bit harder...

Imagine the user id is 1234 and the hash is b5505263bce3830e4fc57ef8187f77c2

You could split the user id into parts: 12b5505263bce3830e4fc57ef8187f77c234

So you know the first and last characters are your user's id, you could split it into four parts, three parts, drop it in the middle somewhere, etc... It will be easy for you to grab it, and it won't make much sense to an average user. (Still, a hacker will probably figure it out)

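The trade-off discussed in this thread, as an added example that is not part of any post: a bare md5() of a name matches a list of common names, while a keyed hash can still be resolved by the site itself. HMAC-SHA256 is swapped in here for the md5-plus-salt idea, and `TRACKING_KEY`, the user table, the word list and all function names are hypothetical; the example assumes the key is stored outside the database.

```php
<?php
// Added example; every name and value below is constructed for illustration.
// Assumption: this key lives in server config, outside the database.
const TRACKING_KEY = 'constructed-demo-key';

// Constructed user table: unique id => username.
$users = [1234 => 'tom', 1235 => 'alice', 1236 => 'bob'];

// The thread's starting point: plain md5 of the username.
function md5_token(string $username): string
{
    return md5($username);
}

// Keyed variant (swapped in here): HMAC-SHA256 of the username.
function hmac_token(string $username, string $key = TRACKING_KEY): string
{
    return hash_hmac('sha256', $username, $key);
}

// Map a token from the URL back to a user id by recomputing it per user.
// Storing the token next to each user, as the thread suggests, avoids this loop.
function resolve_token(string $token, array $users, callable $make): ?int
{
    foreach ($users as $id => $name) {
        if (hash_equals($make($name), $token)) {
            return $id;
        }
    }
    return null;
}

// What anyone can do without the key: hash a list of names and compare.
function match_wordlist(string $token, array $words, callable $make): ?string
{
    foreach ($words as $word) {
        if (hash_equals($make($word), $token)) {
            return $word;
        }
    }
    return null;
}

$names = ['john', 'mary', 'tom']; // constructed stand-in for a name dictionary
$noKey = fn(string $n): string => hmac_token($n, 'not-the-real-key');

var_dump(resolve_token(hmac_token('tom'), $users, 'hmac_token')); // site resolving its own token
var_dump(match_wordlist(md5_token('tom'), $names, 'md5_token'));  // bare md5 checked against the list
var_dump(match_wordlist(hmac_token('tom'), $names, $noKey));      // keyed token checked without the key
```

If the key is stored in the same database as the tokens, a database compromise exposes both, which is the situation WebStyles describes.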