security pages

nectux

Hi list,

I'm developer a system, but I need security.
First: How I can encrypt my param in the url?, because I have been send information that is relevant but if the user modify hi can to see other information.
I prove base64_encode, I like to know if it's correct and how I can to show the session for the user?, I dind't use cookies.

Second: I use Postgres, and i like encrypt my password, I created the field pass varchar(32) but i can encrypt with the function md5 but how i can desencrypt it?

Someone knows another idea how i can solution this?

If somebody can help me i will thankfull.

REgards,
Ricardo

bastien

use POST and don't pass through the URL

if security is that important use SSL (automatic 128 bit encryption both directions (uses https:// instead of [url]http://[/url]))

crypt is a one way function.

store the encrypted pass in the DB and pass the login pass to the server encrypt it and then compare

http://www.php.net/manual/en/function.crypt.php