URL parameters value encryption/decryption
Hashing user IDs is useless as it's easily reverted. Encrypting them is neither practical nor necessary - just assign a random user ID when you create a record, and never expose the auto increment ID.
Author: jogesh_pi
Updated on June 04, 2022
Comments
-
jogesh_pi almost 2 years
I want to encrypt the URL parameter values, like
http://www.sitename.com/index.php?userid=12546
into
http://www.sitename.com/index.php?userid=SADFFHGFE
to prevent robots from hacking the userids, which are auto-incrementing in the database, and I am not sure about the security of base64_encode and base64_decode. Is there any way to do this??
-
Herbert over 12 years
This question is a duplicate of stackoverflow.com/questions/4940348/…, but I believe this is a better answer than those at the alternative. Ah, to flag or not to flag... that is the question. :)
-
Bas Slagter over 12 years
You are absolutely true. I will add the note to my post.
-
hakre over 12 years
Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically.
-
hakre over 12 years
How do you prevent adding the same generated id for multiple records?
-
Your Common Sense over 12 years
@Herbert Flag, I'd say, but not as a duplicate but as a pointless question.
-
Your Common Sense over 12 years
What's the point in generating a unique (not auto incremented) id for each user?
-
Your Common Sense over 12 years
@hakre any collisions known for numeric strings below 2 billion?
-
Luke over 12 years
@hakre That's a very good point, I have the field set in the database to UNIQUE and I loop through, checking that the generated ID is not already stored.
-
Bas Slagter over 12 years
@ col. shrapnel: the point is that the id of the user cannot be easily guessed and entered in the url to access another user's information. Note that id stands for Identifier and not necessarily for the first column of your database table.
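
The approach recommended in the answer above (assign a random user ID when the record is created and never expose the auto-increment ID), together with the UNIQUE-column collision handling raised in the comments, as an added example that is not code from the original posts. The table, column and function names are assumptions, and it retries on the constraint error instead of checking for an existing ID first.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the auto-increment id stays internal; public_id goes in URLs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    public_id TEXT NOT NULL UNIQUE,
    name TEXT NOT NULL)');

// Insert a user under a random 128-bit identifier from the OS CSPRNG.
// The UNIQUE constraint detects a collision atomically, so retrying on the
// constraint error replaces a separate "check, then insert" step.
function createUser(PDO $db, string $name, ?callable $newId = null): string
{
    $newId = $newId ?? fn(): string => bin2hex(random_bytes(16));
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $publicId = $newId();
        try {
            $db->prepare('INSERT INTO users (public_id, name) VALUES (?, ?)')
               ->execute([$publicId, $name]);
            return $publicId;
        } catch (PDOException $e) {
            if (($e->errorInfo[0] ?? '') !== '23000') {
                throw $e; // not an integrity-constraint violation
            }
        }
    }
    throw new RuntimeException('could not allocate a unique public_id');
}

// Resolve the value taken from ?userid=...; reject anything not 32 hex digits.
// The caller still has to check that the session may view this record.
function findUser(PDO $db, string $publicId): ?array
{
    if (preg_match('/\A[0-9a-f]{32}\z/', $publicId) !== 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT public_id, name FROM users WHERE public_id = ?');
    $stmt->execute([$publicId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$alice = createUser($db, 'alice');
// Constructed collision: the first generated value repeats alice's id.
$queue = [$alice, bin2hex(random_bytes(16))];
$bob = createUser($db, 'bob', function () use (&$queue): string { return array_shift($queue); });
var_dump($bob !== $alice, findUser($db, $bob)['name'], findUser($db, '12546'));
```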