URL parameters value encryption/decryption


Is there any way to do this??

Hashing user IDs is useless as it's easily reverted. Encrypting them is neither practical nor necessary - just assign a random user ID when you create a record, and never expose the auto increment ID.

Author: jogesh_pi


Updated on June 04, 2022

Comments

  • jogesh_pi
    jogesh_pi almost 2 years

    I want to encrypt the URL parameter values, like

    http://www.sitename.com/index.php?userid=12546

    into

    http://www.sitename.com/index.php?userid=SADFFHGFE

    to prevent robots from hacking the user IDs, which are auto-incrementing in the database, and I am not sure about the security of base64_encode and base64_decode. Is there any way to do this??

  • Herbert
    Herbert over 12 years
    This question is a duplicate of stackoverflow.com/questions/4940348/…, but I believe this is a better answer than those at the alternative. Ah, to flag or not to flag... that is the question. :)
  • Bas Slagter
    Bas Slagter over 12 years
    You are absolutely right. I will add the note to my post.
  • hakre
    hakre over 12 years
    Note: As of PHP 4.2.0, there is no need to seed the random number generator with srand() or mt_srand() as this is now done automatically.
  • hakre
    hakre over 12 years
    How do you prevent adding the same generated ID to multiple records?
  • Your Common Sense
    Your Common Sense over 12 years
    @Herbert Flag, I'd say, but not as a duplicate but as a pointless question.
  • Your Common Sense
    Your Common Sense over 12 years
    What's the point in generating a unique (not auto-incremented) ID for each user?
  • Your Common Sense
    Your Common Sense over 12 years
    @hakre Any collisions known for numeric strings below 2 billion?
  • Luke
    Luke over 12 years
    @hakre That's a very good point, I have the field set in the database to UNIQUE and I loop through, checking that the generated ID is not already stored.
  • Bas Slagter
    Bas Slagter over 12 years
    @ col. shrapnel: the point is that the id of the user cannot be easily guessed and entered in the url to access another user's information. Note that id stands for Identifier and not necessarily for the first column of your database table.
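
The approach from the answer (a random ID assigned at record creation, with the auto-increment key never exposed) combined with the UNIQUE column and retry loop raised in the comments, as an added example that is not code from the thread. The table, column and function names are hypothetical, and it assumes PHP 7+ with the PDO SQLite driver for the demo.

```php
<?php
// Added example; table, column and function names are hypothetical.

// 16 bytes from the OS CSPRNG, hex-encoded: 128 bits, safe to put in a URL.
function newPublicId(): string
{
    return bin2hex(random_bytes(16));
}

// Insert a user; retry only if the UNIQUE constraint rejects a duplicate ID.
function createUser(PDO $db, string $name, int $maxAttempts = 5): string
{
    $stmt = $db->prepare('INSERT INTO users (public_id, name) VALUES (?, ?)');
    for ($i = 0; $i < $maxAttempts; $i++) {
        $publicId = newPublicId();
        try {
            $stmt->execute([$publicId, $name]);
            return $publicId;
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique public ID');
}

// Look up by public ID only; the auto-increment key never leaves the server.
function findUser(PDO $db, string $publicId): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $publicId)) {
        return null; // reject malformed input before touching the database
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE public_id = ?');
    $stmt->execute([$publicId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    public_id TEXT NOT NULL UNIQUE, name TEXT NOT NULL)');
$id = createUser($db, 'alice');
echo "index.php?userid=$id\n";
var_dump(findUser($db, $id) !== null, findUser($db, '12546'));
```

Letting the database's UNIQUE constraint reject duplicates avoids the race between a separate existence check and the insert. The unguessable ID does not replace a server-side check that the logged-in user is allowed to view the requested record.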