0

Hi, am currently using this script to protect/encrpty info in the address bar,but i thnk its not very strong. cn any one help me make/find a more secure one, thanks.

<a href='articlesdetails.php?pif=ixhsuwu9xyysysjj300&yisu=uuwuwuwzuab&jsn=733888559jdjdjdeyey&tsyi=378hyxbh738hssh272sh&zy9stxyw=w&shy272bs2637shuw727hhshs377ywwwyw&id=$id'>
3
Contributors
6
Replies
8
Views
6 Years
Discussion Span
Last Post by mschroeder
0

What is the reasoning for encrypting/protecting what is in the url? Considering this is supplied/visible/modifiable by the user it should never be treated as trusted data and should always be filtered/validated before you use it in your application.

1

what's this at the end? id=$id

Look, you've created the hashes/encryptions - you must have had a reason. What are you trying to do?

0

what's this at the end? id=$id

Look, you've created the hashes/encryption - you must have had a reason. What are you trying to do?

for example, i have a site under construction. www.example.com/
all am trying to do is encrypt any thing that comes after the slash '/' ,example: www.example.com/books.php. i don't what the 'books.php' showing in words, i want to encrypt it,that's all.

Thanks for your concern and time.

Edited by Ezzaral: Change to generic link. Don't post personal links unless absolutely necessary for the question.

0

I have to be honest, I don't see why you need to go to all the trouble of doing that. Why is books.php so secret? Your 'allowed' pages can be protected with something like sessions.

2

While I don't understand your use case, and I think you're encrypting the url parameters for no value, you could do this with mod_rewrite.

However you would need some kind of indicator to tell it where to route the url params to.

e.g.
website.com/books/{encrypted} and your rewrite rules would rewrite this to website.com/books.php?enc={encrypted}

The encrypted text would be best represented by base64_encode( mcrypt_encrypt( http_build_query( $array ) ) );

Your script would then receive this string via the $_GET variable and you would need to decode it, unecrypt it, and then parse the query back into attribute value pairs.

Also if you choose this route be aware you will need to use a URI-safe base64_encode as + / and = are not uri safe.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.