Jump to content

Archived

This topic is now archived and is closed to further replies.

JRS

Protecting URL parameters

Recommended Posts

Hello,

I'm creating a site - that has menus which contain HREFs - I pass parameters - such that the URL will look like this:
www.mysite.com/admin.php?id=2&display=item4&stock=stocknumber etc.

I would like to hide the parameters. So I thought I should encrypt the parameters - using some encryption method and then encode using base64_encode/decode.

Then pass the encoded value as the paramter.

such that: www.mysite.com/data=(some encrypted string)

Would this method work? Are there any issues in doing it this way? I read in searching through the site for a solution - browsers tend encode/decode differently - so I'm not sure if the encoded string will make throug in-tact.

If this is not a good solution - are there any other recommended way to protect the parameters.

Thanks in advance
JRS

Share this post


Link to post
Share on other sites
if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.

Share this post


Link to post
Share on other sites
[!--quoteo(post=364949:date=Apr 14 2006, 08:24 PM:name=ToonMariner)--][div class=\'quotetop\']QUOTE(ToonMariner @ Apr 14 2006, 08:24 PM) [snapback]364949[/snapback][/div][div class=\'quotemain\'][!--quotec--]
if you are absolutely desperate to protect the url variables then perhaps have a look at encoding the entire string after the .php? (this way you hide the variable names too which can be useful!)

You will need to decrypt the info so have a look at the mycrypt function.
[/quote]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS

Share this post


Link to post
Share on other sites
[!--quoteo(post=364964:date=Apr 14 2006, 08:06 PM:name=JRS)--][div class=\'quotetop\']QUOTE(JRS @ Apr 14 2006, 08:06 PM) [snapback]364964[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ToonMariner,
Thanks - yes I will encrypt the entire string - but still would need 1 data variable to retrieve the string. So
I thought I would just use generic variable such as data.

I was thinking of writing a simple encryption routine - nothing extremely complicated for this - mcrypt encryption would be quite cpu intensive right? I don't want to slow the the system down too much

Thanks for your reply
JRS [/quote]

I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)

Share this post


Link to post
Share on other sites
[!--quoteo(post=364980:date=Apr 15 2006, 12:30 AM:name=neylitalo)--][div class=\'quotetop\']QUOTE(neylitalo @ Apr 15 2006, 12:30 AM) [snapback]364980[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I don't think it would be very CPU intensive at all - remember, you're using a relatively powerful machine to run a relatively simple encryption/decryption process on a relatively small string. The only way it would really slow down the machine is if you were to encrypt/decrypt a HUGE string or file. I think mcrypt would work beautifully. :)
[/quote]
Neylitalo,
Thanks - you are right the string will be small. Saves me having to write extra software.
JRS

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.