URL Encryption vs. Encoding
Posted
by
hozza
on Programmers
See other posts from Programmers
or by hozza
Published on 2012-03-31T12:40:33Z
Indexed on
2012/03/31
17:42 UTC
Read the original article
Hit count: 161
At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive information is passed such as account type, user privileges etc.
We currently use base64_encode() and base64_decode() just to de-humanise the information so the end user is not concerned.
Is it good practice or common place for a URL GET to be encrypted rather than simply PHP base64_encoded?
Perhaps using something like, this:
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
Is this too much or too power hungry for something as common as the URL GET.
© Programmers or respective owner