Silver
|
| Posted: 06/12/2003, 4:55 AM |
|
Hi all
I wonder how can I assure security for params passed between pages.I don't want the end user to alter any of them.
what about link encryption?
I'm useing CCS with PHP 4
as far as I know POST method is not secure as well.
thanks
|
|
|
 |
glerma
|
| Posted: 06/12/2003, 12:39 PM |
|
There is no URL encryption built-in with CCS.
You can hand-code your own solution or you can implement SSL on your web server.
g.
|
|
|
|
rclayh
|
| Posted: 06/12/2003, 6:36 PM |
|
Many hosting companies offered a shared SSL space so that may be more available to you than you would think.
Clay
|
|
|
|
Silver
|
| Posted: 06/13/2003, 3:17 AM |
|
thanks for the time.
does SSL encrypt URL....I mean is it scrambled or not?
|
|
|
|
glerma
|
| Posted: 06/13/2003, 10:39 AM |
|
SSL Encryption is a way to protect the http transfers by using Certificates which in essense are Private/Public Key Pairs. These keys us RSA encryption, which is a standard encryption library among most secure websites. They come in different encryption levels. 40-bit and 128-bit. The latter being more secure.
Just be aware that SSL encrypts the data being transmitted back and forth, not the actual data on the URL or on the screen.
|
|
|
|
Silver
|
| Posted: 06/14/2003, 1:57 AM |
|
In fact my main concern for now is to encrypt the actuel data so site visitors can't alter or change any of parms passed between pages. is there any example of this?
Thanks
|
|
|
|
glerma
|
| Posted: 06/14/2003, 6:10 PM |
|
Well, then your out of luck with working "Out-of-the-box" URL encryption. You will have to implement your own solution for that.
I don't currently know of a way to do that, but I think there is at least one Article in the Tips and Articles section.
You can try using this function that I found on phpclasses.org, however I have not yet used it in conjunction with Codecharge-generated sites yet:
<?php
/*
This is a very simple script to FULLY encrypt your URL
Email: basica@k-designs.com.sg
URL(NORMAL): http://staff.k-designs.com.sg/basica/
URL(ENCRYPTED): http://%73%74%61%66%66%2e%6b%2d%64%65%73%69%67%6e%73%2e...61%73%69%63%61/
*/
function URLEncrypt($URL) {
$Escaped = "";
for ($i = 0; $i < strlen($URL); $i++) {
if (substr($URL, $i, 1) == "/") {
$HEXConv = "/";
$Escaped = $Escaped . $HEXConv;
$i += 1;
if ($i >= strlen($URL)) break;
}
$HEXConv = DecHex(ord(substr($URL, $i, 1)));
$Escaped = $Escaped . "%$HEXConv";
}
return $Escaped;
}
function phpNavigate($URL) {
print "<script language=javascript>location.href='$URL'</script>";
}
$TURL = "http://" . URLEncrypt("staff.k-designs.com.sg/basica/");
phpNavigate($TURL);
?>
|
|
|
|
Johnny
|
| Posted: 06/15/2003, 4:23 PM |
|
if what you want is to hide the Paramters in the Address box of your
Web Browser, Right now i'm Using Session Var for that!
and work great
|
|
|
|
Silver
|
| Posted: 06/16/2003, 9:16 AM |
|
sessions are really fine...thanks a lot all.
I'll check if they are really safe
|
|
|
|
