Topic awaiting preservation: Encrypting GET/POST data (Page 1 of 1) |
|
---|---|
Maniac (V) Mad Scientist From: 100101010011 <-- right about here |
posted 09-30-2003 18:59
hey all, |
Bipolar (III) Inmate From: New Jersey, USA |
posted 10-01-2003 22:52
I have done something like this but for different reasons. I worked on a web site that was mainly built in Java except a few pieces of the web site (bulletin boards and forum) which were built in PHP and hosted at a completely different ISP. In order to use the PHP side of the site we had to make sure you were logged in and also wanted to know who you were logged in as. What we decided to do was encrypt a string of data that contained certain information like the ID of the user, First Name, Last Name and a timestamp. This would allow us to make sure the request was made recently and also keep users from easily deciphering what exactly we were sending. |
Obsessive-Compulsive (I) Inmate From: Michigan |
posted 10-02-2003 07:34
why don't you just use SSL, a packetsniffer wouldn't be able to sniff that, then you would have to change 0 of your code. |
Paranoid (IV) Inmate From: Den Haag, Netherlands |
posted 10-08-2003 09:19
If you're using PHP as your server-side scripting you could look at sessions. All the data is stored at the server-side and only the session ID ispassed back and forth ... you can also rewrite your session handler routines (very simply) to use a database as the session data store, or set the TTL of your sessions to very long periods ... hence making the whole thing persistent over multiple visits if that's what you want. |