JRS Posted April 14, 2006 Share Posted April 14, 2006 Hello,I'm creating a site - that has menus which contain HREFs - I pass parameters - such that the URL will look like this:www.mysite.com/admin.php?id=2&display=item4&stock=stocknumber etc.I would like to hide the parameters. So I thought I should encrypt the parameters - using some encryption method and then encode using base64_encode/decode.Then pass the encoded value as the paramter.such that: www.mysite.com/data=(some encrypted string)Would this method work? Are there any issues in doing it this way? I read in searching through the site for a solution - browsers tend encode/decode differently - so I'm not sure if the encoded string will make throug in-tact.If this is not a good solution - are there any other recommended way to protect the parameters.Thanks in advanceJRS Link to comment https://forums.phpfreaks.com/topic/7445-protecting-url-parameters/ Share on other sites More sharing options...
ToonMariner Posted April 15, 2006 Share Posted April 15, 2006 if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)You will need to decrypt the info so have a look at the mycrypt function. Link to comment https://forums.phpfreaks.com/topic/7445-protecting-url-parameters/#findComment-27125 Share on other sites More sharing options...
JRS Posted April 15, 2006 Author Share Posted April 15, 2006 [!--quoteo(post=364949:date=Apr 14 2006, 08:24 PM:name=ToonMariner)--][div class=\'quotetop\']QUOTE(ToonMariner @ Apr 14 2006, 08:24 PM) [snapback]364949[/snapback][/div][div class=\'quotemain\'][!--quotec--]if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)You will need to decrypt the info so have a look at the mycrypt function.[/quote]ToonMariner,Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. SoI thought I would just use generic variable such as data.I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much Thanks for your replyJRS Link to comment https://forums.phpfreaks.com/topic/7445-protecting-url-parameters/#findComment-27140 Share on other sites More sharing options...
neylitalo Posted April 15, 2006 Share Posted April 15, 2006 [!--quoteo(post=364964:date=Apr 14 2006, 08:06 PM:name=JRS)--][div class=\'quotetop\']QUOTE(JRS @ Apr 14 2006, 08:06 PM) [snapback]364964[/snapback][/div][div class=\'quotemain\'][!--quotec--] ToonMariner,Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. SoI thought I would just use generic variable such as data.I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much Thanks for your replyJRS [/quote]I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :) Link to comment https://forums.phpfreaks.com/topic/7445-protecting-url-parameters/#findComment-27155 Share on other sites More sharing options...
JRS Posted April 15, 2006 Author Share Posted April 15, 2006 [!--quoteo(post=364980:date=Apr 15 2006, 12:30 AM:name=neylitalo)--][div class=\'quotetop\']QUOTE(neylitalo @ Apr 15 2006, 12:30 AM) [snapback]364980[/snapback][/div][div class=\'quotemain\'][!--quotec--]I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)[/quote]Neylitalo,Thanks - you are right the string will be small. Saves me having to write extra software.JRS Link to comment https://forums.phpfreaks.com/topic/7445-protecting-url-parameters/#findComment-27158 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.