Taha

Reputation: 651

URL Encryption in php when passing sensitive parameters (joomla+codeigniter)

I'm using CodeIgniter inside Joomla by using an iframe. On some pages I need to get the user group (admin or user), so I found a way to send values to the iframe by using the URL with the following code:

<?php
//add user id
$user_id = JFactory::getUser()->id;
?>

<iframe <?php echo $this->wrapper->load; ?>
   id="blockrandom"
   name="iframe"
   src="<?php echo $this->escape($this->wrapper->url) . "?user=" . $user_id; ?>"
></iframe>

The problem is that the type of the user will appear in the URL, so is there any way to encrypt the URL and decrypt it in the other page?

Upvotes: 1

Views: 909

Answers (1)

Scott Arciszewski

Reputation: 34093

is there any way to encrypt the URL and decrypt it in the other page?

You're asking for some way to do this...

Encrypt a URL parameter

...when in reality, you want to do this:

Use a random lookup instead

The reasons why you want to avoid encryption are explained in depth in this blog post, but the main reasons are that encrypting URL parameters introduces the following concerns to your application:

  1. Chosen-ciphertext attacks
  2. Replay attacks
  3. Secure encryption would result in URLs longer than most people are happy with (IV/nonce + HMAC tag)
  4. Side-channel cryptanalysis

Whereas the alternative is: You can simply add a UNIQUE TEXT field to your SQL table, populate it with base64_encode(random_bytes(15)), and call it a day.

All together now, shouting from the rooftops: Don't encrypt URL parameters, use a randomized lookup instead.

Upvotes: 1
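
The randomized lookup recommended in the answer, as an added example that is not part of the original answer. The table and column names, the `t` query parameter, the example.test URL and the sample values are assumptions, and an in-memory SQLite database via PDO stands in for the site's own database.

```php
<?php
declare(strict_types=1);

// Constructed schema for illustration: table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE iframe_lookup (
    token      TEXT NOT NULL UNIQUE,
    user_id    INTEGER NOT NULL,
    user_group TEXT NOT NULL
)');

/** Joomla side: keep the sensitive values server-side, hand out only a random token. */
function issueLookupToken(PDO $pdo, int $userId, string $userGroup): string
{
    // 15 random bytes encode to 20 base64 characters with no "=" padding.
    $token = base64_encode(random_bytes(15));
    $stmt = $pdo->prepare(
        'INSERT INTO iframe_lookup (token, user_id, user_group) VALUES (?, ?, ?)'
    );
    $stmt->execute([$token, $userId, $userGroup]);
    return $token;
}

/** CodeIgniter side: map the token back to the stored row, or null if it is unknown. */
function resolveLookupToken(PDO $pdo, string $token): ?array
{
    $stmt = $pdo->prepare(
        'SELECT user_id, user_group FROM iframe_lookup WHERE token = ?'
    );
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample values.
$token = issueLookupToken($pdo, 42, 'admin');
// base64 output can contain "+" and "/", so encode the token when building the URL.
$src = 'https://example.test/ci/index.php?t=' . rawurlencode($token);

// The receiving page reads the parameter back (PHP URL-decodes query values itself).
parse_str((string) parse_url($src, PHP_URL_QUERY), $query);
// A token we issued resolves to the stored row; any other value resolves to null.
var_dump(resolveLookupToken($pdo, $query['t']));
var_dump(resolveLookupToken($pdo, 'edited-or-guessed-value'));
```

The URL now carries only the opaque token; the user ID and group never leave the server, and a value that was not issued matches no row.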
