Encrypting URL

JoeCriticdotCom

Is there a way I can encrypt a PHP script or a URL inside it?

I have a form I use that has a very important URL in it, and in that URL is my username and password... So if someone got into that script, tehy could easily find my info... is there a way to fix that?

daynah

You're not destributing this file are you? Personally, I think any url with a username and password is a high security hazard.

JoeCriticdotCom

no, im not distributing it... and I realize its a security risk, thats why I want to encrypt it.

mmilano

do you need to de-crypt it? if not, you can use:

<?
$url=md5($url);
?>

then when you want to verify against it .. you can use:

<?
if(md5($new_url) == $url)
{
echo "successfully matched";
}
else
{
echo "failed";
}
?>

i'm thinking you might need to decrypt it though, ... i don't know how.

MrAlaska

If you need to send them there with the user name and password in the URL, then presumably it is a site you have no control over the scripting at. So you can encrypt it so it is not understandable in the source of the form, but you still need to decrypt it before you send the visitors there. What's to stop them from seeing it in the URL? Even if you wrap it in a frame, the URL is still easily accessed. Either I am reading this wrong, or you are going about something all wrong.

chads2k2

Originally posted by MrAlaska
If you need to send them there with the user name and password in the URL, then presumably it is a site you have no control over the scripting at. So you can encrypt it so it is not understandable in the source of the form, but you still need to decrypt it before you send the visitors there. What's to stop them from seeing it in the URL? Even if you wrap it in a frame, the URL is still easily accessed. Either I am reading this wrong, or you are going about something all wrong.

I am with you on that one. I would just use Sessions. Hell its easier anyway. 🙂 Or if all else fails think up a crazy algorithm and send their password through it and put a cookie and then get the cookie back and decrypt it.

I would use sessions if I were you.

Just my $.02