jsonencode the params then base64encode them then encrypt them, pass this encryption hash along with the original plaintext variables, when you recieve these variable bank check the plaintext variables against the encryption hash
I do the same on some of my projects to prevent tampering of data and forms Thank you, -Alex Goretoy http://launchpad.net/~a1g On Mon, Dec 19, 2011 at 10:13 AM, mark_story <[email protected]> wrote: > Geoff, > > I work at FreshBooks. You'll have to trust me when I say encoding > your querystrings is a horrible idea. We only still have it because > of legacy issues, and the fact that we have had them for years. I > would strongly suggest you don't go down the very painful road of > doing this. > > -Mark > > On Dec 18, 10:35 pm, Geoff Douglas <[email protected]> wrote: > > The accounting web application Freshbooks does this. Every link inside > the > > application uses an long encrypted string, instead of a url path. Once > the > > url hits the app, it's decrypted and routed. Thus securing the urls from > > users eyes... > > > > I agree that this adds a genuine level of security, even as a > > simple deterrent, or mask. > > > > I would use a separate salt value in the configure class, then create a > new > > helper that encrypts the urls for links and such. Then you could decrypt > > them either in bootstrap, or somewhere that loads first. Not sure if the > > AppController beforeFilter is soon enough, but it might be. You would > just > > have to test it out. > > > > Happy Coding. > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > [email protected] For more options, visit this group > at http://groups.google.com/group/cake-php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
