
Protecting URL parameters


4 replies to this topic

#1 JRS


Posted 14 April 2006 - 11:26 PM

Hello,

I'm creating a site - that has menus which contain HREFs - I pass parameters - such that the URL will look like this:
www.mysite.com/admin.php?id=2&display=item4&stock=stocknumber etc.

I would like to hide the parameters. So I thought I should encrypt the parameters - using some encryption method and then encode using base64_encode/decode.

Then pass the encoded value as the parameter.

such that: www.mysite.com/data=(some encrypted string)

Would this method work? Are there any issues in doing it this way? I read in searching through the site for a solution - browsers tend to encode/decode differently - so I'm not sure if the encoded string will make it through intact.

If this is not a good solution - are there any other recommended ways to protect the parameters?

Thanks in advance
JRS

#2 ToonMariner


Posted 15 April 2006 - 12:24 AM

If you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mcrypt function.


follow me on twitter @PHPsycho

#3 JRS


Posted 15 April 2006 - 01:06 AM

[quote name='ToonMariner' date='Apr 14 2006, 08:24 PM']
If you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mcrypt function.
[/quote]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the system down too much

Thanks for your reply
JRS

#4 neylitalo


Posted 15 April 2006 - 04:30 AM

[quote name='JRS' date='Apr 14 2006, 08:06 PM']
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the system down too much

Thanks for your reply
JRS
[/quote]

I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)

http://nealylitalo.net - My personal website, and home of The Netizen's Journal.

#5 JRS


Posted 15 April 2006 - 04:43 AM

[quote name='neylitalo' date='Apr 15 2006, 12:30 AM']
I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)
[/quote]
Neylitalo,
Thanks - you are right the string will be small. Saves me having to write extra software.
JRS
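
An added example, not part of the original thread or any poster's code: sealing the whole query string with authenticated encryption and URL-safe base64, which addresses both the parameter hiding discussed in the replies and the browser-encoding concern in the first post. It uses PHP's bundled sodium extension (PHP 7.2+) in place of mcrypt, which was removed from PHP in 7.2; the function names seal_params and open_params and the demo key are assumptions.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.2+ (bundled sodium extension).

// Encrypt and authenticate a whole parameter set into one URL-safe token.
function seal_params(array $params, string $key): string
{
    // A fresh random nonce per token; it is not secret and travels with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox(http_build_query($params), $nonce, $key);
    // URL-safe alphabet without padding: no '+', '/' or '=' for a browser to re-encode.
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Returns the parameter array, or null when the token is malformed or was modified.
function open_params(string $token, string $key): ?array
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid URL-safe base64
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    if ($plain === false) {
        return null; // authentication tag mismatch: wrong key or altered token
    }
    parse_str($plain, $params);
    return $params;
}

// Constructed demo key. A real site loads one fixed 32-byte key from server-side
// configuration so tokens stay valid across requests.
$key = sodium_crypto_secretbox_keygen();

$token = seal_params(['id' => 2, 'display' => 'item4', 'stock' => 'stocknumber'], $key);
echo "admin.php?data=$token\n";
var_dump(open_params($token, $key));

// Change one character of the token, as a user editing the URL would.
$tampered = $token;
$tampered[30] = ($tampered[30] === 'A') ? 'B' : 'A';
var_dump(open_params($tampered, $key));
```

Sealing the parameters does not authorize the request: admin.php still needs its own login and permission check, since anyone holding a sealed URL can reuse it.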



