CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> Tips & Solutions

 Encrypting URLs

Print topic Send  topic

Author Message
tonyk

Posts: 163
Posted: 04/02/2012, 9:09 AM

It has been suggested that I post this here.

If you are trying to encrypt a link to prevent tampering why not try a 'nonce'; or 'number used once'.
If you are using a database you can store the variables required on the next page with a unique random and time-limited key which is passed in the url. The next page looks up the values in the db pointed to by the nonce and applies them to the page. If no nonce is found that could indicate tampering and could be used to assist in applying security. Add the session_id into the database and you could delete all nonces created in the session at a stroke.
It takes a little work to get it running but once created you can use the function on any number of pages quite easily. Sites such as yahoo use nonces, they are the long random strings seen in the url.
Tony

example code shown below

This shows two methods, the first alters a link, the second redirects with altered url.
set_nonce($foo) adds the nonce and variables to the database and returns the value of the nonce for use in the url, the variables are in a comma separated list that can be exploded in the before initialize event of the next page once read in from the database. Use CCGetParam to read the value of the nonce and use that to query the database.

The target_id can be used to ensure that the data is applied to the correct page, target_id holds the identity of the intended page
Do not use the word 'nonce' in your own pages as it has unpleasant connotations.
>>>>>>>>>>>>>>>>>>>>>>>
$contact=$Container->DataSource->f(id_contacts');
$passed="target_id,new_contacts.php,contact,$contact";
$Component->SetValue("<a href='new_contacts.php?nonce=".set_nonce($passed);
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2nd example
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

global $Redirect, $FileName;

$qs = CCGetQueryString("QueryString","");
$qs = CCRemoveParam($qs, "ccsForm"); //Never want this hanging around!
/*set nonce variables */

$file_trans="new_information.php";
$passed="target_id,$file_trans,request_id,".CCGetSession("request_id","");
//Are there other query string params we want?
if ($qs) {
$goto = $file_trans . "?nonce=".set_nonce($passed);
}
else {
$goto = $file_trans . "?nonce=".set_nonce($passed);
}
$Redirect = $goto;
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Web Database

Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright 2003-2004 by UltraApps.com  and YesSoftware, Inc.