[Phpwm] Encryption

David Edwards revlob at gmail.com
Fri Aug 17 14:52:20 BST 2007


This isn't what you want to hear, but are you sure you want to be
passing a secure value as a GET parameter? If you are trying to
protect an ID, which is probably an integer, then it would be trivial
to work out what the ID was by running a series of hashes/crypts and
waiting until you found a match. Would that pose a risk to your
application?

--
Dave

On 17/08/07, pete graham <petegraham1 at gmail.com> wrote:
> I need to email people a URL with an encrypted variable, I will be
> encrypting the id of a database item. When the user goes to the URL
> the server will decrypt the URL, select the item with the id from the
> db, then display it.
>
> I was planning to use PEAR Crypt_Blowfish to do this, however it produces
> output like:
> )Y<��hx#���~�|U%
> This needs url encoding so my link looks like this:
> www.mysite.com/page.php?id=%29Y%3C%B9%E0hx%23%90%FA%C4%7E%DC%7CU%25
> Which looks kind of naff in my opinion.
>
> Is there an alternative symmetric encryption facility in PHP which
> will produce "nicer" but still secure cyphered text? Something like
> www.mysite.com/page.php?id=2sg09sadkb2lnv. I haven't been able to test
> the PHP mcrypt functions as they're not set up on the server I'm using at
> the moment.
>
> I realise the alternative would be to hash (sha1) the id and then
> store the hash in the DB, however I didn't really want to store the
> extra data.
>
> Thanks, Pete
>
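
The two points in this thread, as an added example that is not code from either poster: matching an unkeyed hash of a small integer ID by trying every candidate, next to an authenticated, URL-safe token that cannot be produced or read without the server key. It assumes PHP 7.1+ with the openssl extension; the function names, the 100000 ID range and the demo key are constructed for illustration.

```php
<?php
// Added example. Function names, ID range and key handling are assumptions.

// The concern raised in the reply: an unkeyed hash of a small integer ID
// can be matched by hashing every candidate in turn.
function recover_id_from_sha1(string $hash, int $maxId): ?int
{
    for ($i = 1; $i <= $maxId; $i++) {
        if (sha1((string) $i) === $hash) {
            return $i;
        }
    }
    return null;
}

// Base64 with the URL-safe alphabet and no padding, so no percent-encoding is needed.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// AES-256-GCM token: 12-byte random nonce || ciphertext || 16-byte tag.
function make_token(int $id, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt((string) $id, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return b64url_encode($nonce . $ct . $tag);
}

// Returns the ID, or null if the token is malformed or was not made with $key.
function read_token(string $token, string $key): ?int
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < 29) { // 12 nonce + at least 1 digit + 16 tag
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 12, -16), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, -16));
    return ($pt === false || !ctype_digit($pt)) ? null : (int) $pt;
}

$key = random_bytes(32); // constructed demo key; a real one is fixed and kept in server config
$token = make_token(1234, $key);
echo "sha1 link value reversed to: ", recover_id_from_sha1(sha1('1234'), 100000), "\n";
echo "token for URL:  ", $token, "\n";
echo "decrypted id:   ", var_export(read_token($token, $key), true), "\n";
$forged = b64url_encode(random_bytes(30)); // a token built without the key
echo "forged token:   ", var_export(read_token($forged, $key), true), "\n";
```

Because the nonce is random, the same ID yields a different token on every call, and a token that fails the GCM tag check is rejected before any database lookup.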
