Marcel Wasilewski

Reputation: 2679

How to protect sensitive data in URLs

So I am trying to protect some data in a URL so that it cannot be manipulated.

I found this site:

https://www.owasp.org/index.php/How_to_protect_sensitive_data_in_URL's

I followed the steps on this site. The site says:

The above will give you a value like "\xd8\x75\x26\xd5\x59\x45\x47\x1b\x02\x13\x13\xa5\xa8\x4d\x61\xd8\x94\xb0\x87\x60\x40\x2f\x29\x63\x2f\x13\x9c\xc3\x42\x88\xf1\xe5".
 * Use that for $secret instead of a human-readable password.

I did all this and got such a random key generated, then I used the key instead of a human-readable password as mentioned above. The problem is, when I give this randomly generated key to the next site, how will this site be able to generate the same key and then tell me if they are equal or not? I hope it's understandable enough... If I generate something randomly on page1, how can page2 know exactly what the randomly generated key has to look like? I can only generate another key on page2, but it will never be the same as on page1.

Upvotes: 0

Views: 454

Answers (1)

Stavros

Reputation: 264

What I have used in the past is the following approach:

Having the following set of data:

$array = array(
  'TIMESTAMP' => time(),
  'USERID' => 'idhere'
);

I would first serialize this array to get a representation of its value, and then encode this information with MIME base64:

// urlencode() is needed because base64 output can contain '+', '/' and '='
$url = '?param-in-url=' . urlencode(base64_encode(serialize($array)));

Later on you can receive it back using:

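// allowed_classes => false stops request data from instantiating objects
$data = unserialize( base64_decode( $_REQUEST['param-in-url'] ), ['allowed_classes' => false] );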

Upvotes: 1
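
Added example, not part of the original question or answer: base64 only encodes the parameter, so detecting manipulation needs a MAC, and page2 verifies it by reading the same stored key as page1 rather than generating a new one. The sketch uses JSON instead of serialize(); the environment variable URL_HMAC_KEY and the function names are assumptions made for illustration.

```php
<?php
// Added example. URL_HMAC_KEY, sign_param() and verify_param() are hypothetical names.
// The key is created once (e.g. bin2hex(random_bytes(32))) and stored in configuration
// that both pages read; it is never regenerated per request.
function load_key(): string {
    $hex = getenv('URL_HMAC_KEY');
    if ($hex === false || strlen($hex) !== 64 || !ctype_xdigit($hex)) {
        throw new RuntimeException('URL_HMAC_KEY must be 64 hex characters');
    }
    return hex2bin($hex);
}

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Page 1: emit "payload.mac", both parts URL-safe.
function sign_param(array $data, string $key): string {
    $payload = b64url(json_encode($data));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Page 2: recompute the MAC with the same key; return the data or null.
function verify_param(string $token, string $key, int $maxAge = 300): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    // Only decode after the MAC has been verified.
    $data = json_decode((string) base64_decode(strtr($payload, '-_', '+/'), true), true);
    if (!is_array($data) || !is_int($data['TIMESTAMP'] ?? null)) {
        return null;
    }
    return abs(time() - $data['TIMESTAMP']) <= $maxAge ? $data : null;
}

// Constructed sample run; putenv() stands in for real server configuration.
putenv('URL_HMAC_KEY=' . bin2hex(random_bytes(32)));
$key = load_key();
$token = sign_param(['TIMESTAMP' => time(), 'USERID' => 'idhere'], $key);
var_dump(verify_param($token, $key));
// Same MAC, different payload: the recomputed MAC will not match.
$forged = b64url(json_encode(['TIMESTAMP' => time(), 'USERID' => 'other'])) . '.' . explode('.', $token)[1];
var_dump(verify_param($forged, $key));
```

The payload stays readable to anyone who holds the URL; the MAC only makes changes detectable, so values that must stay confidential belong in server-side session state instead.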
