obfuscation and encoding
Date: 10/29/05
(PHP Development) Keywords: php, security, web
i have a case where i'm trying to provide some unsubscribe functionality via a link to a website in an email. i need to encode some information in the url, specifically a user id and a list so i know who they are and which list they are unsubscribing to. Security is of course important, I don't want anyone to be able to just submit with random user ids and lists so i need to encode it with some sort of obfuscation, but also with a checksum or something that would prevent tampering or at least let me know.
Anyone have any experience with this or ideas? ideally, i'd like to use something readily available in PHP (and also perl if possible since the encrypting part will happen in perl, but presumably i could port easily enough). maybe like generate a url string, such as "user_id=x&list=y", base64 encode it (which also shrinks it and is a plus) and then add a crc byte on the end? then my url would be http://www.example.com/file.php?hash="gobbledygook"
does anyone know of something in PHP that would do this? if not any suggestions for rolling your own (like algorithms, i don't need actual code probably unless you either have it, know of it on a free site, or really feel like writing it ;-) ) maybe using compression utils with a password? that would i think require recompiling php or using external programs which is doable, but not as desireable. plus if someone guessed the password, they could decrypt, but i suppose that is true for any algorithm that's one way. perhaps using ssl or pgp somehow? having 2 keys, then no one could decrypt it without the private key? that might be overkill. or mhash for hashing, but then might that be easy to crack and can it be computed in perl?
xposted to php
Source: http://www.livejournal.com/community/php_dev/61842.html