Reputation: 43
Hiding URL variables/values in a query string. PHP
What's the best way to hide variables and their values in a query string when passing it to the server? I have done a lot of research and still can't find an optimal solution. Sending them by GET method shows the variables in the network activity tab (google chrome), and sending them by POST also shows them in the network send headers.
I have also considered encrypting them, but since the encryption is done on the frontend it would be easy for somebody to get the encryption seed/key and decrypt the information (not to mention it would be heavy on the server to decrypt every call).
Upvotes: 0
Views: 133
Answers (1)
Reputation: 34103
In short: Don't encrypt URL parameters, use a separate look-up.
Also, using HTTPS is basically non-negotiable if you desire any measure of web application security. It should be treated as mandatory in 2019. Get comfortable with TLS 1.2+.
What developers want to do
What developers should do instead
Upvotes: 1
Related Questions
- Encrypt parameter in url
- How can I encrypt an URL (or rather the GET parameter part of it) using PHP?
- Obscure and encode a URL parameter
- Encrypt PHP query string value in URL
- Hide parameters from the URL for users to see
- Encrypt a query string inside of an anchor tag
- URL parameters value encryption/decryption
- How to 'encrypt' information passed along in URL when redirecting in PHP?
- Encrypting or Hiding Strings sent in the url
- Encrypting Querystring and Decrypting it in PHP