On Tue, May 10, 2005 8:50 pm, Joe Harman said: > Hey just curious if it's okay to encode variables that are passed in > URLs with base64_encode??? since, I am going to pass a email address > in the URL, I would like to protect the email address from typical > people
I dunno if every character that can be output by base64_encode is URL-safe or not, but you could do: urlencode(base64_encode($email)) and be 100% certain that it is safe, and that the data you want will come through. That said, I don't think base64_encode will offer much protection from humans who want to snag emails, and you presumably aren't listing these URLs somewhere for web-bot harvesters to find... Though that would fool them, at least in the present. ARAIK, almost *any* obfuscation of email addresses foils the harvest bots. This seems unbelievable, but I liken it to fishing: If every time you cast a line in the water, you come up with a million fish, how hard will you work to change your bait? That is the current state of affairs in the "arms race" of email harvesting -- The spammers have SO MANY fish "biting" that they simply don't need to bypass obfuscation. Sooner or later, however, that will change, especially if the harvesters ever care about "quality" of their fish. While I'm not running around fixing all my old obfuscation code, I'm pretty much not using email obfuscation on any new sites/code. Instead, I build a FORM that will send the email "blind" to the recipient, and have a "throttle choke" that limits a given IP ($_SERVER['REMOTE_ADDR']) to N emails sent in H hours. Certainly, a script could be written to re-connect and get a new IP, but that in itself would take enough time on the end of the spammer that I doubt they'll want to bother any time soon. And it's all wrapped up in a 'spaminator' function that I can replace with something more robust if I need to. I figure this way, I'm 2 steps ahead in this arms race, so when the bad guys start decoding the obfuscation emails, I'll be ready for 'em. Now if I could just figure out a way to get my OWN email out of their lists so I wasn't getting 10,000 spams per day (literally) I'd be a Happy Camper. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
