How to Encrypt the URL

Question

I want to know how to encrypt the URL on Apache/PHP?

For example:

www.example.com/how-to-encrypt.html

to

Answer 1

You're probably looking for Apache mod_rewrite together with PHP. That URL isn't (and wasn't meant to be) encrypted, it's probably just a key that redirects to a database on Yahoo! severs. See this article.

Answer 2

It's best to perform security operations at the database level. Here is how to perform MySQL database operations using PHP: PHP Database Operations with MySQL. Then, you have access to all of the database operations related to security, such as: Encryption and Compression Functions. Thus, you can generate the string in the database and pass a token in a URL parameter to the user. It is best to also pass another parameter, such as a username, into the URL to reduce security risk. Upon client response, you just grab the parameters from the url and validate the user. Be sure to sanitize and validate input before performing the database operation. Sanitize and validate before assuming data is safe.

And for information, you should never use JavaScript to perform important security operations, at least not without seriously evaluating the risks and alternative options. (Any hacker will see your entire security logic in the JavaScript code.)

Notice that you can grab the _ylt & _ylu parameters from this url:

• us.yahoo.com/_ylt=As6pPqj3t7OBn2LQbZCUU7abvZx4;_ylu=X3oDMTVocThw330824863

Those parameters are what you will grab for your database operation. You could use these in a particular page like this:

• us.yahoo.com/myPage/_ylt=As6pPqj3t7OBn2LQbZCUU7abvZx4;_ylu=X3oDMTVocThw330824863

Answer 3

I'm not a PHP guy, but a quick Google Search brought me to this link.

class Encryption {
    var $skey   = "SuPerEncKey2010"; // you can change it

    public  function safe_b64encode($string) {

        $data = base64_encode($string);
        $data = str_replace(array('+','/','='),array('-','_',''),$data);
        return $data;
    }

    public function safe_b64decode($string) {
        $data = str_replace(array('-','_'),array('+','/'),$string);
        $mod4 = strlen($data) % 4;
        if ($mod4) {
            $data .= substr('====', $mod4);
        }
        return base64_decode($data);
    }

    public  function encode($value){ 

        if(!$value){return false;}
        $text = $value;
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
        return trim($this->safe_b64encode($crypttext)); 
    }

    public function decode($value){

        if(!$value){return false;}
        $crypttext = $this->safe_b64decode($value); 
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
        return trim($decrypttext);
    }
}

and the usage

$this->encrypt->encode('Your data');
$this->encrypt->decode('Your encrypted data');