SCook Posted June 27, 2007 Share Posted June 27, 2007 Hi gang, I've gotten some help with mcrypt, and I appreciate it, but it appears that the server I'm using doesn't have it installed. Is there any other way, or does anyone have a simple encryption method? A text jumble or converting letters to numbers or anything? I just want to throw off those who view the query string is all. Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 27, 2007 Share Posted June 27, 2007 use md5 Quote Link to comment Share on other sites More sharing options...
redarrow Posted June 27, 2007 Share Posted June 27, 2007 for a normall user this is ok as long they dont no php but if your updating from ur link please conact the admin ok. <?php $message="hi there i am redarrow"; $encoded=base64_encode($message); echo " encoded: <br><br> $encoded <br>"; $decodded=base64_decode($encoded); echo "<br> decoded: <br><br> $decodded <br> "; ?> ps. you can use md5 but md5 can not be decoded ok. Quote Link to comment Share on other sites More sharing options...
utexas_pjm Posted June 27, 2007 Share Posted June 27, 2007 I would submit to you that anyone who is savvy enough to attempt tampering with your query strings will not be put off by a simple "Caesar Cipher" type encryption attempt (or encoding in another base). I feel like your time would be better spent validating data sent in on the server side instead of burning cycles implementing a trivial obfuscation scheme. Best, Patrick Quote Link to comment Share on other sites More sharing options...
SCook Posted June 28, 2007 Author Share Posted June 28, 2007 You're right, Patrick, but there's an old saying "Locks are only to keep the honest people out." Essentially, this is to throw off anyone who might like to look over someone's shoulder while their password or username is being verified. It's not menat to be super secure, really, so this would be an ok fix. Quote Link to comment Share on other sites More sharing options...
corbin Posted June 28, 2007 Share Posted June 28, 2007 If you wanted to get really ghetto/weird with it and be a little more secure you could do something like: $str = "YOUR STRING"; $r = rand(1,10); $marker_length = 2; for($i = 0; $i < $r; $i++) { $str = base64_encode($str); } while(strlen($r) < $marker_length) { $r = "0" . "{$r}"; } $str .= $r . $str; It would be very weird, and I don't know what kind of performance hit you would get from it, but if worst came to worst it would be decent. Quote Link to comment Share on other sites More sharing options...
utexas_pjm Posted June 28, 2007 Share Posted June 28, 2007 You're right, Patrick, but there's an old saying "Locks are only to keep the honest people out." Essentially, this is to throw off anyone who might like to look over someone's shoulder while their password or username is being verified. It's not menat to be super secure, really, so this would be an ok fix. I see. In that case why not just send that kind of data via POST instead of in the query string? Patrick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.