Jump to content

Protecting URL parameters


JRS

Recommended Posts

Hello,

I'm creating a site - that has menus which contain HREFs - I pass parameters - such that the URL will look like this:
www.mysite.com/admin.php?id=2&display=item4&stock=stocknumber etc.

I would like to hide the parameters. So I thought I should encrypt the parameters - using some encryption method and then encode using base64_encode/decode.

Then pass the encoded value as the paramter.

such that: www.mysite.com/data=(some encrypted string)

Would this method work? Are there any issues in doing it this way? I read in searching through the site for a solution - browsers tend encode/decode differently - so I'm not sure if the encoded string will make throug in-tact.

If this is not a good solution - are there any other recommended way to protect the parameters.

Thanks in advance
JRS
Link to comment
Share on other sites

if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.

Link to comment
Share on other sites

[!--quoteo(post=364949:date=Apr 14 2006, 08:24 PM:name=ToonMariner)--][div class=\'quotetop\']QUOTE(ToonMariner @ Apr 14 2006, 08:24 PM) [snapback]364949[/snapback][/div][div class=\'quotemain\'][!--quotec--]
if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.
[/quote]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS
Link to comment
Share on other sites

[!--quoteo(post=364964:date=Apr 14 2006, 08:06 PM:name=JRS)--][div class=\'quotetop\']QUOTE(JRS @ Apr 14 2006, 08:06 PM) [snapback]364964[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS [/quote]

I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)
Link to comment
Share on other sites

[!--quoteo(post=364980:date=Apr 15 2006, 12:30 AM:name=neylitalo)--][div class=\'quotetop\']QUOTE(neylitalo @ Apr 15 2006, 12:30 AM) [snapback]364980[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)
[/quote]
Neylitalo,
Thanks - you are right the string will be small. Saves me having to write extra software.
JRS
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.