URL Encryption vs. Encoding

Posted by hozza on Programmers See other posts from Programmers or by hozza
Published on 2012-03-31T12:40:33Z Indexed on 2012/03/31 17:42 UTC
Read the original article Hit count: 161

At the moment non/semi sensitive information is sent from one page to another via GET on our web application. Such as user ID or page number requested etc. Sometimes slightly more sensitive information is passed such as account type, user privileges etc.

We currently use base64_encode() and base64_decode() just to de-humanise the information so the end user is not concerned.

Is it good practice or common place for a URL GET to be encrypted rather than simply PHP base64_encoded?

Perhaps using something like, this:

$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));

$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

Is this too much or too power hungry for something as common as the URL GET.

© Programmers or respective owner

Related posts about php

Related posts about programming-practices