Posted by Peter Fox on 10/23/44 11:34
Following on from zek2005's message...
>Hi!!!
>
>I am accessing a record in a MySQL DB with a statement embedded in
>PHP code. The result accesses a page like:
>
>http://www.mysite.com/page.php?id=16
>
>where id=16 indicates the id of the result. This works perfectly, but
>I don't want the user to know that the number 16 corresponds to a
>specific record. I'd like to replace the 16 with an algorithm. The
>algorithm's result will be 16, but this will be known only by the database.
(1) A simple way is to obfuscate. This has the advantage that the page
is fully bookmarkable. So you can embed a URL into a 'hello' email to
say "To look at your order go to ....User=1234567".

(2) You will find however that it is handy to obfuscate the same way
every time sometimes, and to vary the algorithm with additional
randomising at others.

(3) If obfuscating then your decoder also needs to check that the input
was valid. To take a too-simple example, if your routine multiplied by
12345 to obfuscate then anything not divisible by 12345 is a hack.

(4) Obfuscation has the convenience of being reversible; hashing has the
advantage of not being reversible. This means hashing should be secure
(while obfuscation is of course hackable) but you need to have some way
to store the real value on the server, e.g. in a session or database.

(5) When hashing you can invalidate the stored hash if it is used as a
key to look up a response. So for example you might offer the user three
/exclusive/ options in an email and delete all three hashes when one is
chosen. Or you can say "reply in the next 7 days ...".

(6) IMHO a good strategy is *not* to use auto-incrementing user IDs
(etc.) but to provide a large random number for the primary key. Then
you don't have to worry too much about user 16 trying out users 17, 18
and 19, and you don't need to obfuscate/hash either.
--
PETER FOX Not the same since the pancake business flopped
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
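The scheme sketched in points (3) to (6) above, as an added Python example (not from the original post, and in Python rather than PHP for brevity): the decoder rejects any value its own obfuscator could not have produced, a non-reversible random token is kept server-side with an expiry and is invalidated together with the other exclusive options of its group when one is redeemed, and a random primary key replaces the auto-increment. The `TokenStore` class, the group names and the in-memory table standing in for the database are assumptions for the illustration.

```python
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Point (3): a reversible obfuscation must validate on decode.  The multiplier
# is the deliberately too-simple one from the post, kept only to show the check.
MULT = 12345

def obfuscate(record_id: int) -> int:
    return record_id * MULT

def deobfuscate(value: int) -> Optional[int]:
    """Return the record id, or None when the value cannot have come from obfuscate()."""
    if value <= 0 or value % MULT != 0:
        return None  # guessed or tampered value: reject, do not hit the database
    return value // MULT

# Points (4) and (5): an unguessable, non-reversible token kept server-side.
class TokenStore:
    """Maps random tokens to record ids (assumed helper; in-memory stand-in for a DB table)."""

    def __init__(self, ttl_seconds: int, now: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.now = now  # injectable clock so expiry can be exercised
        # token -> (record_id, option group, issued_at)
        self._tokens: Dict[str, Tuple[int, str, float]] = {}

    def issue(self, record_id: int, group: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits: nothing to reverse or enumerate
        self._tokens[token] = (record_id, group, self.now())
        return token

    def redeem(self, token: str) -> Optional[int]:
        entry = self._tokens.get(token)
        if entry is None:
            return None  # unknown, already used, or already invalidated
        record_id, group, issued_at = entry
        if self.now() - issued_at > self.ttl:
            del self._tokens[token]  # the "reply in the next 7 days" window has lapsed
            return None
        # Exclusive options: choosing one deletes every token of the same group.
        for t, (_, g, _) in list(self._tokens.items()):
            if g == group:
                del self._tokens[t]
        return record_id

# Point (6): a large random primary key instead of an auto-increment.
def new_random_key() -> int:
    return secrets.randbits(63)  # fits a signed BIGINT; neighbouring ids reveal nothing
```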