Re: [Active4d-dev] Data hiding techniques

Fri, 02 Sep 2005 12:12:47 -0700 

Mike,

If you are using sessions, you could concoct a scheme where you use

?id=some obsfucated value
where some obsfucated value = encrypt (session id + delimiter + recnum) `you may need to provide 'encrypt'
When a request comes in decrypt id, and parse out session id and recnum based on the delimiter. 

If sesssion id isn't valid, redirect to another page.

-- Brad Perkins

Mike Vogt wrote:


Aparajita,
Somebody seeing ?recnum=1108 or such is going to try to see what happens
with ?recnum=???.
Yes it can be trapped after, but it would be nice to make it obscured.

Mike Vogt
Millennium Data Services, Inc.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aparajita Fishman 
Sent: Friday, September 02, 2005 1:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Active4d-dev] Data hiding techniques
You could encode the querystring when writing it into HTML
as a link
and then decode it when you receive the page using a reverse algorithm. For example, write the link as page.a4d? kdfh=89df798sdf79s8f and then use MD5 to decode the value and variable name. That way, both the query string variable name and value are both hidden, and can't be easily decrypted.
Would you mind sharing a little more info on this technique? Certainly not enough to compromise your system, but could
you say how
you are encoding/decoding to MD5 and how you are making the encoded values web safe.
You can't decode MD5. It's a one-way hash. I would still like to know _why_ you want to encrypt the link, that will help me suggest a solution. 

Regards,

   Aparajita
   Victory-Heart Productions
   www.aparajitaworld.com

   "If you dare to fail, you are bound to succeed."
   - Sri Chinmoy   |   www.srichinmoylibrary.com

_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/



_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/



_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/

Reply via email to