Dan Harrington wrote:
> What is the best way to encrypt/decrypt strings when passing between
> php pages?
If your encryption is meant to be anything near secure, there is only
one way:
DON'T
GET or POST-Parameters are for user-input. Handing information over to
the client and taking it back later is a potential security leak. If
you have no means of revalidating the information after it crossed the
so called trust boundary, you should't do it.
Send a handler, some random and unique (nothing like 1,2,3 or a,b,c)
identifier and store the critical information in a session variable or
somewhere else.
> I am using md5 and currently get strings that produce "unprintable"
> characters
> or characters like slashes or other things that could interfere with
> the passing
> between php pages. (e.g.
> http://server.asdf/action.php?args=encryptedstring )
>
> e.g.
> 5V"g\7`Qv1Sc]aV&Q4a6#bW>SbU!f_4V1QvPaUe 5Q!c b
Just urlencode() these strings before adding them to the URL.
regards
Wagner
--
Three may keep a secret, if two of them are dead.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
