
Encrypted data in URLs

I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502.

I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ.

The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.

So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?

EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different, so this would work.

Rocket Hazmat asked Dec 03 '10 16:12


2 Answers

You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.

Jack answered Sep 23 '22 11:09


Maybe passing the crypted data through urlencode() would fix this? After you do that, you would have to intercept the data before CodeIgniter does, and run urldecode() on it.

Just a quick idea, so good luck!

Blender answered Sep 20 '22 11:09
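
An added example, not code from this thread: one way to get an encrypted ID that never contains `+` or `/` is to encode the ciphertext with the URL-safe base64 alphabet. It uses PHP's bundled sodium extension instead of CodeIgniter's encrypt library, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.2+ (bundled sodium extension).

// Base64url (RFC 4648 sec. 5): '+' becomes '-', '/' becomes '_', '=' padding is dropped.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $text)) {
        return null; // characters outside the URL-safe alphabet
    }
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

// Hypothetical helper: encrypt an order ID into a single URL segment.
function order_token_encode(int $orderId, string $key): string
{
    // Fresh random nonce per token, so the same ID gives a different string each time.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return b64url_encode($nonce . sodium_crypto_secretbox((string) $orderId, $nonce, $key));
}

// Hypothetical helper: returns the ID, or null if the token is malformed or was altered.
function order_token_decode(string $token, string $key): ?int
{
    $raw = b64url_decode($token);
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if ($raw === null || strlen($raw) <= $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    return ($plain !== false && ctype_digit($plain)) ? (int) $plain : null;
}

// Constructed demo values: a throwaway key and the order ID from the question.
$key = sodium_crypto_secretbox_keygen();
$token = order_token_encode(3502, $key);
var_dump(strpbrk($token, '+/=') === false);   // checks for the characters that broke routing
var_dump(order_token_decode($token, $key));   // round trip back to the order ID
$tampered = $token;
$tampered[0] = $token[0] === 'A' ? 'B' : 'A'; // flip bits in the nonce
var_dump(order_token_decode($tampered, $key)); // an altered token fails authentication
```

In a real application the key is generated once and stored in configuration, and the controller still checks that the current user is allowed to view the decoded order.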