Solved

Encypt variable in web address

Posted on 2003-10-30
6
225 Views
Last Modified: 2008-02-26
I have a variable (siteid) which is passed from page to page in the address (eg www.d6online.co.uk?siteid=2753).
This variable is associated to a specific customer. If the user changed the value of the variable in the address bar they would have access to other customer's information. This just can't happen.

What I want to know is what is the best and easiest way of hiding this information from the user.

Hiding the address bar is no good as the properties will still tell them, also I would like the address bar to stay.

Is there a way of encrypting the data and still being able to use it in every page?

Thanks
0
Comment
Question by:wjdashwood
6 Comments
 
LVL 11

Accepted Solution

by:
shmert earned 90 total points
ID: 9652380
the best way to hide data from the user is to put it in a session variable.  The user cannot change the session variables, and cannot read them, he only has access to the sessionID.

Example:
<?php
session_start();
$_SESSION['siteid'] = 2753;
?>
0
 
LVL 2

Assisted Solution

by:jetnet
jetnet earned 90 total points
ID: 9652692
You might want to look into PHP Sessions.  its a much more secure way of doing what your trying to do.  Plus, the users will not be able to make changes to the URL like what your talking about.

Plus, encrypting things like that are going to be intensive on your processor.  So its easier to just use sessions.  If your still wanting to look at it, look at http://us2.php.net/crypt.  That should help you out.
0
 
LVL 2

Assisted Solution

by:TaintedGod
TaintedGod earned 90 total points
ID: 9653309
I dont think you need to use sessions, sessions can still be forged just like address, so you can encrpt the address variable with the md5() hash, which will make tampering impossible because there are too many wrong possibilities.

So what you do is add this to your code :   $_SESSION['siteid'] = md5($_SESSION['siteid']);
or to make it eaier to use : $siteid = md5($_SESSION['siteid']);

Now guessing will be impossible and your clients information is safe, also you can do the md5 hash more than once to make it more secure.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 6

Assisted Solution

by:DoppyNL
DoppyNL earned 90 total points
ID: 9655838
forging a sessions is IMPOSSIBLE, since those are stored on the server.

A reference to that session is passed along between the user and the server, that is the only risc you have.
If you disable passing the sessionid via the url and force your users to use cookies, then you are safe! Simply, because if some hacker got access to that cookie, he would've also got access to any other solution you might come up with!

in short: sessions are safe enough.
You might want to think of using passwords though (or are you allready?)
0
 

Author Comment

by:wjdashwood
ID: 9656578
Yes I am using passwords. I use the username and password they login with to get the siteid from the database. I'll look into sessions, thank you all for helping me out.
0
 
LVL 3

Assisted Solution

by:ashoooo
ashoooo earned 40 total points
ID: 9659941
Sessions are the best bet.

I usually store the username in the session variable.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now