加密/编码URL字符串中的ID [英] Encrypt/Encoding an ID in URL string
问题描述
示例:
http://localhost/page.php?id = 90
TO:
http:// localhost / share / 22349234987sdsdf9sdf87423498asf9
我正在使用HTACCESS做份额部分。但是想隐藏'90',并尝试阻止任何人添加随机数来尝试收到不同的响应。
有关如何创建类似的任何想法这个,或者如果已经有一些已经存在的东西与实现一起工作良好?
安全是一个因素,所以只是试图找到最好的解决方案...
隐藏ID是晦涩的,而不是安全性。
如果你想要好的晦涩,请查看PHP中的 mcrypt 函数。确保在编码和解码之前附加一个盐,否则很容易猜到加密/解密。
请注意,任何人都可能在您的网址上绊倒彻底打败了这个。如果您还想要安全性,我将使用某种形式的HTTP Auth通过HTTPS。
Just trying to do some security on my website and trying to figure out the best route to secure an ID.
EXAMPLE: http://localhost/page.php?id=90 TO: http://localhost/share/22349234987sdsdf9sdf87423498asf9
I am using HTACCESS to do the share part. But would like to hide the '90' and try to discourage anyone from just adding random numbers to try and receive a different response.
Any thoughts on how to create something like this, or if something already exists that works well with implementation?
Security is a factor, so just trying to find the best solution out there...
Hiding the ID is obscurity, not security.
If you want good obscurity, look at the mcrypt functions in PHP. Make sure to append a salt before encoding and decoding, otherwise it will be easy to guess the encryption/decryption.
And be aware that anyone else might still stumble across your URLs, defeating this entirely. I'd use some form of HTTP Auth over HTTPS if you want security, too.
这篇关于加密/编码URL字符串中的ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
