Quick question. This may not make any sense, but it is a thought. I was thinking, like I usually like to do: when you pass variables over a browser, would it be crazy to md5 hash and salt the variables' ids and keep them in a db table, and md5 hash the equal sign too? What I mean is instead of
you could get something like this
Before this is implemented, though, you could make the "=" sign equal to an alphanumeric like k3 or something, and md5 the pass and user with a salt, and add an array to the subsequent hash, like putting a set of letters or numbers in the string at certain positions. Therefore you would have the original hash of dgdf5fd54f6dg654dfg1f1d8fd1fd1g68df11fd1fd1618e161g61fd61d651d6f16df1f, but let's say at a certain amount of digits you put your broken-up array, like at the third digit you put a 2 or an f and at the fifth you put a 6. Depending on how many equal signs you have, you could subtract the equal signs from 32 and add that many digits to the incoming variable, so if anyone tries to break your variable dividing it by 32 digits they would not be able to come up with a formula. So for every id and value you would have 32 digits plus the (equal variable - 32=variable)variable, which would make an ugly get or post. On the input side you would have the encryption and on the logic side the decryption.
- the user goes to your website
- enters the authentication method, i.e. username and password
- the PHP takes the username and password, takes the URL that is going to be sent, and finds the ids and the values
- md5's the ids, the username and the passwords with the salt
- puts in the PHP-defined salt array minus the equal signs, which is an alphanumerical two digit
- this gets sent over to the authenticate PHP
- the PHP desalts the post or get
- passes the variables to the database
- decides if OK or otherwise
I don't know, does this make any sense? I'm just thinking about it. You can thank Live HTTP Headers for this thought.
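
A sketch of the scheme described in the post above, added here as an illustration and not code from the original poster. It is narrowed to the parameter names; the salt, filler positions, function names and sample values are all constructed assumptions.

```php
<?php
// Added illustration; SALT, FILLER and all sample values are constructed.
const SALT   = 'example-salt';        // server-side secret salt
const FILLER = [2 => 'f', 4 => '6'];  // index in the final string => filler char
const SEP    = 'k3';                  // stands in for "=" as in the post

// Salted MD5 of a parameter name: 32 hex characters, one-way.
function token_for(string $name): string { return md5(SALT . $name); }

// Insert the filler characters (ascending index) so the token is not 32 long.
function add_filler(string $token): string {
    foreach (FILLER as $pos => $ch) {
        $token = substr($token, 0, $pos) . $ch . substr($token, $pos);
    }
    return $token;
}

// Remove the filler again, highest index first.
function strip_filler(string $padded): string {
    foreach (array_reverse(FILLER, true) as $pos => $ch) {
        $padded = substr($padded, 0, $pos) . substr($padded, $pos + 1);
    }
    return $padded;
}

// Sending side: real names become padded tokens, "=" becomes SEP.
function encode_query(array $params): string {
    $parts = [];
    foreach ($params as $name => $value) {
        $parts[] = add_filler(token_for($name)) . SEP . rawurlencode($value);
    }
    return implode('&', $parts);
}

// Receiving side: MD5 cannot be reversed, so names come back via table lookup.
function decode_query(string $query, array $table): array {
    $len = 32 + count(FILLER);
    $out = [];
    foreach (explode('&', $query) as $part) {
        $token = strip_filler(substr($part, 0, $len));
        if (substr($part, $len, 2) !== SEP || !isset($table[$token])) {
            throw new InvalidArgumentException('unrecognised parameter');
        }
        $out[$table[$token]] = rawurldecode(substr($part, $len + 2));
    }
    return $out;
}
// Stand-in for the db table from the post: token => real name.
$table = [token_for('user') => 'user', token_for('pass') => 'pass'];
$query = encode_query(['user' => 'alice', 'pass' => 's3cret']);
echo $query, "\n", print_r(decode_query($query, $table), true);
```

The token for a given name is identical on every request, so in this sketch the query string hides the parameter names from someone reading the URL, but a captured string can be resent unchanged.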