Greetings.
I would like some feedback on this approach for encrypting HTML input
element values such as Checkbox, Radio, Select, Hidden, etc, and Javascript
code related to those elements.
The procedure is when a user first arrives at the site a session structure
is created and in it I create a random key string to use on encryption
functions for every page requested by that specific user.
So, for example a typical country select box, its option values are
encrypted with the previous created key on page request and decrypted (after
form submission f.ex.) on the validation code:
<form>
<input type=hidden name="op" value="aba87bdbs897a87e9986ab76">
<select name="country">
<option value="aba7b6a76d6eb76bf98ab986ab76">Country Name</option>
</select>
</form>
function ExampleValidation(){
// ...
$country_id = isset($_POST['country']) ?
MyDecryptFunction($_POST['country']) : 0 ;
// etc...
}
I also use this approach to encrypt values in Querystrings such as ids,
operations, form steps, etc.
So far I haven't found any "holes" on this approach (except when someone
gets access to the hosting account :] ) so I would like some feedback and/or
ideas and/or other approaches.
Thanks in advance.
Apologies for my bad English.
Pedro.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
