Encrypt url link

Hi guys,

Is there any way to encrypt the URL link to a hash or MD5? Please give me some ideas. =)

Thanks,

Hi Haensel,

Thanks for the reply. I want to encrypt the URL link because the view is in zii.widgets.CDetailView. I don't want other people to view other information by changing id:1 to id:2 or to another id.

http://localhost/default/view/id/1

Is there any way to encrypt the id/1 to MD5 or a more secure way?

Thanks again.

Hi again,

I deleted my post because I was talking nonsense :)

I suggested md5 hashing with PHP because I thought of a scenario like authenticating a user. In such a case you won’t have to decrypt the hash, you just compare the two hashes of the user input and the one saved in the database.

Anyways, in your case you would have to decrypt the string again and this won’t work that way. So this is a really good question and I would be interested what others suggest. So sorry for the misinformation :)

But in your case I would rather talk about access rules than encryption.

I would strongly suggest NOT to use encryption for hashing ids to restrict access to specific views. You should absolutely use access rules so that every user is assigned to an id she/he is able to view.

Take a look at RBAC http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#using-business-rules. There you should find some information on how to do that.

greetings,

Haensel

Hashing is one way encryption like Haensel wrote… so you cannot use that… any other encryption can be used… but it can be guessed, too and misused…

You did not explain in detail what you need… but if you want to show a user only his record… depending on your data… you can do that by checking that the record belongs to that user… or that he has the permission to see that record…
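
The ownership check suggested above, sketched for a Yii 1.1 controller as an added example that is not from any poster in this thread. It assumes a `Person` ActiveRecord model with a `user_id` owner column and an identity class whose `getId()` returns the numeric user id; `loadOwnedModel` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: Person has a user_id column holding the owner's
// id, and Yii::app()->user->id is that same numeric id (set by your identity class).
class PersonController extends CController
{
    public function filters()
    {
        return array('accessControl'); // turns on accessRules() below
    }

    public function accessRules()
    {
        return array(
            // Guests never reach these actions; '@' means any authenticated user.
            array('allow', 'actions' => array('view'), 'users' => array('@')),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionView($id)
    {
        $this->render('view', array('model' => $this->loadOwnedModel($id)));
    }

    // Loads a record only if it belongs to the logged-in user.
    // Use the same loader from update and delete actions.
    protected function loadOwnedModel($id)
    {
        $model = Person::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested page does not exist.');
        }
        // The decision is made on the server from the session identity, so
        // editing id/1 to id/2 in the URL yields 403 instead of another record.
        if ((int) $model->user_id !== (int) Yii::app()->user->id) {
            throw new CHttpException(403, 'You are not allowed to view this record.');
        }
        return $model;
    }
}
```

Returning 404 for both cases instead of 403 avoids confirming which ids exist.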

Thanks guys, I will try to use the access rules for users. I will ask again if problems happen.

Thanks for the suggestion. =)

Interesting topic!

If my thought is right, we would have the following url

http://www.mysite.com?q=akjkhsu387fjsuy73y8

meaning, for example

http://www.mysite.com/user/editprofile/id/23

I’ve found this

I think that we could take the main idea of the class and extend CUrlManager, do something in CController::beforeAction()…not totally sure if it would work

Regards!

If the main idea is to prevent users from seeing other data… then encrypting the URL is not secure enough… as anybody that gets the URL can see the data…

Yes, you’re right, to avoid unauthorized access RBAC is the right solution.

I think that encrypting the query string would be useful to raise the level of the challenge in terms of injection attacks.

I'm using this kind of encryption on the Intranet project I've developed for my company. It's not a PHP project; it was developed using a tool called Genexus (http://www.genexus.com), where there is a parameter called “Encrypt URL”, which handles the query string encryption automatically.

:)

Regards!

You could use PHP’s very own mcrypt extension to encrypt your URLs via blow- or twofish and then catch those via a custom URL-rule. A few words of advice:

  • Encrypted URLs tend to get long. Some clients cannot handle URLs longer than 3,000+ chars, so consider compressing them via gzip/bzip2/lzf.

  • Compress first and then encrypt. Encrypted texts compress very poorly. More often than not you might end up with an even longer text.

  • You can further shorten your URLs by applying some kind of baseN-scheme instead of pure hexcodes. base91 would be the best. You’ll most likely have to customize it a bit if you want ‘clean’ URLs (i.e. ones that do not contain slashes or such).

Hi guys,

Example: URL change

When I click the image view, update and delete for each user, it will show a very long encrypted URL path for each record.

Is there any way to change my URL path http://www.example/index.php/en/person/view?id=1 to become an encrypted URL path?

Thanks…

Can anyone give me a suggestion for this issue??

offtopic

It seemed to me that some of you tend to think that hashing and encryption are the same thing, but there are big differences; the main one is that encrypted data can be decrypted and you cannot get the initial data from a hash. And the use cases of hashing and encryption are different.

Well, it’s worth trying :lol:

So, this video is worth watching - e2ff3cfd4b43876adaa5767ce93bf7d3 :)

Hm?