1
I need to encrypt some url parameters, such as email and client code, and determine the valid time for the forwarded link.
I looked at Facebook, Google and Twitter that use this methodology to ensure url security.
What would be the best encryption, MD5, SHA1, Base64 in this specific case? How best to determine the valid time for the link?
1
Come on
MD5 and SHA1 are algorithms of HASH, are not encryption. When you encrypt something, you will probably need to decrypt in the future. Algorithms HASH are one-way and it is not possible to get the original text from a HASH with common methods (brute force yes could solve, but we know that it is not computationally feasible).
Base64 is simply a different encoding. We take a text, we change the encoding of it, but it’s still the same information.
According to what you proposed, HASH would prevent a person from finding the password in an easy way, but still expose your HASH which is in fact what the system will use to do the authentication. Even if you do not pass this in the URL it is very simple to get the content of a request. But what the solution then?
When the server uses secure protocols for data transmission, it actually implements encryption on the data being trafficked. We usually access websites using HTTP or HTTPS. HTTP does not provide security, whereas HTTPS adds a layer of protection via SSL/TLS, so the data sent and received is encrypted and only the client and the server can understand the information.
Browser other questions tagged php mysql
You are not signed in. Login or sign up in order to post.
You can use this article as your answer. http://www.nacaolivre.com.br/php/encryption/
– TutiJapa Wada