RE: [PHP] encrypting session variables
$session_id + 1 before passing it, and then $session_id - 1 before using it on the next screen ... thats the security through obscurity way :) you could put the session_id in a mysql db and then select password(session_id) that would return something really obscure and then select session_id where password(session_id) = 'd3a8f932b10'; -Original Message- From: Brad Wright [mailto:[EMAIL PROTECTED]] Sent: Monday, July 09, 2001 6:08 PM To: PHP General List Subject: [PHP] encrypting session variables Hi all, Is there a simple way to encrypt session variables. If so, is there a method to 'decode' the encrypted session variable when required?. Thanks in advance, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] encrypting session variables
Make an MD5 hash using the session variable. Make it again (with the same seed) before using it, if the hashes don't match, it's been messed with. You can store the hash in a MySQL DB, pass it on the URL, write it out to a local file, all kinds of things... -Original Message- From: Brad Wright [mailto:[EMAIL PROTECTED]] Sent: Monday, July 09, 2001 6:08 PM To: PHP General List Subject: [PHP] encrypting session variables Hi all, Is there a simple way to encrypt session variables. If so, is there a method to 'decode' the encrypted session variable when required?. Thanks in advance, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] encrypting session variables
Tyrone, Make an MD5 hash using the session variable. Make it again (with the same seed) before using it, if the hashes don't match, it's been messed with. I'm sorry, I'm not sure what an MD5 hash is. Could you elaborate and/or point me towards some documentation. Thanks, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
