sending data in a secure way

Question

I want to send some data using GET over http. I want to decrypt or scramble it for security reasons so instead of sending: http://www.website.com/service?a=1&b=2&b=3 i want it to look like http://www.website.com/service?data=sdoicvyencvkljnsdpio and inside the service to be able to decrypt the message and get the real data.

What is the best approach for this?

Thanks!

Answer 1

SSL and POSTing the data would be a sensible way to approach this, but if you must do it with GET you can still keep it fairly secure

The MCrypt libraries for PHP are very good, then on the receiving page you would need a checksum to be absolutely sure that the string passed hasn't been tampered with.

Answer 2

You can use SSL and certificates. You can see it works here: http://mattfleming.com/node/289. You can find various tutorials on how to do that based on for your specific web-server.

Answer 3

What laguage are you in? If php you could look up on the mcrypt functions.

But seriosly. Probably a better way for that would be to use HTTPS, which was designed for that.

I don't know about your application but it could have relevance.

Another common tequnique is the secure token teqnique where you basically generate a hash of your params and a secret token. The token is the only thing not included in the url. At the other end you re-create that hash with the same secret token and see if itmatches. This way youc an compile security methods like IP validation, time to live timestamps or signing a request by a user.

A more advanced method is the HTTP Digest authentication