Geoff, I work at FreshBooks. You'll have to trust me when I say encoding your querystrings is a horrible idea. We only still have it because of legacy issues, and the fact that we have had them for years. I would strongly suggest you don't go down the very painful road of doing this.
-Mark

On Dec 18, 10:35 pm, Geoff Douglas <[email protected]> wrote:
> The accounting web application Freshbooks does this. Every link inside the
> application uses a long encrypted string, instead of a url path. Once the
> url hits the app, it's decrypted and routed. Thus securing the urls from
> users' eyes...
>
> I agree that this adds a genuine level of security, even as a
> simple deterrent, or mask.
>
> I would use a separate salt value in the configure class, then create a new
> helper that encrypts the urls for links and such. Then you could decrypt
> them either in bootstrap, or somewhere that loads first. Not sure if the
> AppController beforeFilter is soon enough, but it might be. You would just
> have to test it out.
>
> Happy Coding.
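
The scheme sketched in the quoted message (a link helper that encrypts the path, and a hook that decrypts it before routing), as an added example that is not part of either post and is not FreshBooks' or CakePHP's code. It uses PHP's libsodium functions; the secret, the function names and the sample path are assumptions made for illustration.

```php
<?php
// Constructed secret for the example; in an application it would come from
// configuration (the "separate salt value" in the quoted message).
const URL_SECRET = 'constructed-example-secret';

// Derive a fixed-length secretbox key from the configured secret.
function urlKey(): string
{
    return sodium_crypto_generichash(URL_SECRET, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
}

// Hypothetical link-helper side: internal path in, opaque URL-safe token out.
function encryptRoute(string $path): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($path, $nonce, urlKey());
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Hypothetical pre-routing side: token in, original path out, or null when
// the token is malformed or has been modified (authentication fails).
function decryptRoute(string $token): ?string
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $minLen) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $path = sodium_crypto_secretbox_open($box, $nonce, urlKey());
    return $path === false ? null : $path;
}

// Round trip with a constructed path.
$token = encryptRoute('/invoices/view/42');
var_dump($token, decryptRoute($token));

// Change the first character of the token: the nonce no longer matches,
// so the token is rejected instead of being routed.
$tampered = $token;
$tampered[0] = ($tampered[0] === 'A') ? 'B' : 'A';
var_dump(decryptRoute($tampered));
```

The token only hides the path; whatever the decrypted route points to still needs the application's own authorization check.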
