Obfuscate php variables being passed

Question

I have a var being passed through a javascript function and I'm looking to obfuscate the var before being sent to the user then reverted when submitted back through php.

$data = "111:222:333:444";

$data is being generated and put into the view (javascript function)

<img src="button.jpg" alt="" onclick="newfunc(111:222:333:444)" />

Its then sent back to the sever to process

Is there anyway to hash this number so it will look like

"8f8fu8vu8fu8fhguf99fu8fu8fu8fu" insted of 111:222:333:444?

Is there any php functions that are similar to md5 that allow you to revert back to de-obfuscate the var?

Any help would be greatly appreciated.

Answer 1

Well, if you use base64, you can decode it back, and so does others.(Your users that you want to keep it private from.)

So I would suggest you to make some random patterns and append/mix with the data and clean it once you get the data back.

Answer 2

It is impossible to securely encrypt (read truly obfuscate) anything using javascript.

There is, for example, a bluefish encryption library for javascript, but since the private key needs to be known to the javascript function in question.. the client/browser doing the encryption has to know the key, therefore it cannot, by design, be secure.

What you can do, is trust "security through obscurity" (but again, client side security can never work) and base64-encode the string to "obfuscate it"..

Everyone who knows what they are doing will be able to revert any attempt you make at obfuscating the string...

BUT! You can send the string to your server (via an ajax call), have it asynchronously encrypt the plaintext and return you truly obfuscated text.. which the server, in turn can then decrypt (again via an ajax call).

hope that helps....