如何对通过URL参数传输的秘密数据进行编码/加密？ [英] How to encode/encrypt secret data to be transferred by URL parameters?

问题描述

这是故事：

我必须将一些分类信息从一个脚本传递给另一个脚本。在第一个脚本中，我需要首先加密数据，然后我必须将加密的数据附加到GET请求中并将其发送到另一个脚本。该URL将如下所示：

I have to pass some classified information from one script to another script. In the first script I need to encrypt the data first and then I have to attach the encrypted data into a GET request and send it to another script. The URL would look like this:

http://mydomain.com/mysecondscript.php?secret={encrypted stuff}

我目前的加密方法是基于base64。这种方法的问题是，如果我有很多东西要加密，加密的结果可能会很长。如果超过255个字符，则第二个脚本将无法解密，因为字符串将被切割。

My current encrypt method is based on base64. The problem with this method is, that if I have a lot of stuff to encrypt, the encrypted result could get very long. If it's longer than 255 characters or so, the second script will not be able to decrypt it because the string will be chopped.

所以我正在寻找一个更好的加密方法，可以控制加密结果的长度。

So I'm looking for a better encryption method, that can control the length of the encrypted result.

推荐答案

危险！

Base64是 NOT 一种加密形式，但是编码。 Base64编码的字符串很容易识别和微不足道的解码。 Base64用于对数据进行编码，以便它们可以安全地传输到非二进制安全介质（如URL和电子邮件）中，但不会隐藏数据本身。

DANGER!

Base64 is NOT a form of encryption, but encoding. Base64 encoded strings are easy to recognize and trivial to decode. Base64 is used to encode data so they can be safely transmitted across non-binary safe medium (such as URLs and emails), but they do not hide the data itself.

您需要做的是使用AES加密字符串（请参阅PHP的 mcrypt ），然后base64编码它。这当然不会解决你的长度问题。这个问题很模糊，但你可以做的是：

What you need to do is encrypt the string using AES (see PHP's mcrypt), then base64 encode it. This of course will not solve your length problem. The question is pretty vague, but what you can do is:

• 使用POST而不是GET。


• 将数据存储在两个脚本可以访问的数据库或文件中。然后只需生成一种标识符并将其与URL进行发送。接收脚本可以使用此标识符来检索数据。作为一个额外的好处，您不必发送带有URL的分类数据。

编辑：我更仔细地阅读你的问题，似乎这两个脚本都坐在同一个服务器上。在这种情况下，没有任何理由通过HTTP传递此数据。

Now that I read your question more carefully, it seems like both scripts are sitting on the same server. In this case there is no reason whatsoever to pass this data via HTTP.

这篇关于如何对通过URL参数传输的秘密数据进行编码/加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！