Using a time-based, rotating hash or string for security

无人共我 2021-01-13 08:06

In a CMS app I occasionally need to open an iframe of another domain. At the moment I am setting the URL for that iframe to something very obscure. Like http://domain.com/if

4 answers
  •  一向 (original poster)
    2021-01-13 08:41

    Be careful of using MD5 for hashing - it is cryptographically broken. There are any number of online sites to help create collisions. Rather use something like SHA256 and always include a long salting string.

    If the user does not have to interact with the site in the iframe you could consider scraping the site code and inserting it directly into your code. There are a number of libraries available for this.

    What about using something like

    $hash = hash ( "sha256" , date("h") . 'myverylongsaltstring' );
    

    So long as the servers have their timezones correct and are synchronized to within an hour this approach will work like your time() hash.

    Additionally you could use something like TinyUrl to obfuscate the link a little further. Something along the lines of http://www.technabled.com/2008/12/create-your-own-tinyurl-with-php-and.html
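
An added example, not part of the original answer: the hourly rotating token the answer sketches, built with HMAC-SHA256 over a shared secret rather than a salted hash, and with an epoch-based hour counter rather than date("h"), which takes only 12 values and so repeats every 12 hours. Verification tolerates one window of clock skew between the two servers. The function names, secret and path are hypothetical.

```php
<?php
// Added example: names, secret and path below are constructed for illustration.
const WINDOW_SECONDS = 3600; // rotate hourly, as in the answer above

// Token for one time window, bound to the iframe path it unlocks.
function make_token(string $secret, string $path, int $now): string
{
    // Epoch-based counter: unlike date("h"), it never repeats.
    $window = intdiv($now, WINDOW_SECONDS);
    return hash_hmac('sha256', $window . '|' . $path, $secret);
}

// Accept the current window and $skew windows either side for clock drift.
function verify_token(string $secret, string $path, string $token, int $now, int $skew = 1): bool
{
    $ok = false;
    for ($i = -$skew; $i <= $skew; $i++) {
        $expected = make_token($secret, $path, $now + $i * WINDOW_SECONDS);
        // hash_equals compares in constant time; the loop never exits early.
        $ok = hash_equals($expected, $token) || $ok;
    }
    return $ok;
}

// Constructed sample values.
$secret = 'replace-with-32-random-bytes-shared-by-both-servers';
$path   = '/iframe/editor';
$t0     = 1610525160; // constructed Unix timestamp

$token = make_token($secret, $path, $t0);

var_dump(verify_token($secret, $path, $token, $t0));              // same hour
var_dump(verify_token($secret, $path, $token, $t0 + 3600));       // next hour, within skew
var_dump(verify_token($secret, $path, $token, $t0 + 3 * 3600));   // three hours later
var_dump(verify_token($secret, '/iframe/other', $token, $t0));    // different path
var_dump(verify_token($secret, $path, $token, $t0 + 12 * 3600));  // 12 hours later
```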
