Protecting URL parameters

[JRS]

Hello,

I'm creating a site - that has menus which contain HREFs - I pass parameters - such that the URL will look like this:
www.mysite.com/admin.php?id=2&display=item4&stock=stocknumber etc.

I would like to hide the parameters. So I thought I should encrypt the parameters - using some encryption method and then encode using base64_encode/decode.

Then pass the encoded value as the paramter.

such that: www.mysite.com/data=(some encrypted string)

Would this method work? Are there any issues in doing it this way? I read in searching through the site for a solution - browsers tend encode/decode differently - so I'm not sure if the encoded string will make throug in-tact.

If this is not a good solution - are there any other recommended way to protect the parameters.

Thanks in advance
JRS

[ToonMariner]

if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.

[JRS]

[!--quoteo(post=364949:date=Apr 14 2006, 08:24 PM:name=ToonMariner)--][div class=\'quotetop\']QUOTE(ToonMariner @ Apr 14 2006, 08:24 PM) [snapback]364949[/snapback][/div][div class=\'quotemain\'][!--quotec--]
if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.
[/quote]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS

[neylitalo]

[!--quoteo(post=364964:date=Apr 14 2006, 08:06 PM:name=JRS)--][div class=\'quotetop\']QUOTE(JRS @ Apr 14 2006, 08:06 PM) [snapback]364964[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS [/quote]

I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)

[JRS]

[!--quoteo(post=364980:date=Apr 15 2006, 12:30 AM:name=neylitalo)--][div class=\'quotetop\']QUOTE(neylitalo @ Apr 15 2006, 12:30 AM) [snapback]364980[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)
[/quote]
Neylitalo,
Thanks - you are right the string will be small. Saves me having to write extra software.
JRS