encrypting a string (and server varaibles)

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Brian Huether
    #1

    encrypting a string (and server varaibles)

    I have a function that serves audio as a stream. I don't want people to see
    the filename. But I am using urls of this sort:

    audio.php?op=se rveaudio&file=w ww.somefile.mp3

    1) How can I encrypt www.somefile.mp3 and then reconstruct it?

    2) How should I really be doing this? Should I be putting the file name into
    a server variable? If so, what would that syntax be?

    thanks,

    brian


    Tags: None
    • Geoffrey
      #2
      Re: encrypting a string (and server varaibles)

      Hi Brian --

      Perhaps you can kill two birds with one stone here. I might suggest
      creating a simple database table that associates a file with an ID
      number. This will help you achieve your goal of anonymizing the file
      name by using an ID number in its place, and it helps to secure your
      application by not accepting user input (anyone could change a filename
      in the URL to exploit potential vulnerabilities in your script, but ID
      numbers are harmless). Your database could also be easily modified as
      files are added or removed.

      If it's not possible to use a database, another (less desirable)
      approach might be to set up an array in the function that redirects the
      user to the file that relates an index number with a filename. Again,
      when someone requests a particular file, you would be passing a number
      to your script rather than a filename, achieving both goals. This
      would be harder to maintain if your file collection changes frequently.

      I'm sure there are other ways to do this, so these solutions are by no
      means exhaustive. :)

      Geoffrey


      Brian Huether wrote:
      I have a function that serves audio as a stream. I don't want people to see
      the filename. But I am using urls of this sort:
      >
      audio.php?op=se rveaudio&file=w ww.somefile.mp3
      >
      1) How can I encrypt www.somefile.mp3 and then reconstruct it?
      >
      2) How should I really be doing this? Should I be putting the file name into
      a server variable? If so, what would that syntax be?
      >
      thanks,
      >
      brian

        Comment

        • Dikkie Dik
          #3
          Re: encrypting a string (and server varaibles)

          First, use a session.
          For each file you make accessible to the client, create a hash and store
          the (hash, filename) pair in the session. Use the hashes for
          communication with the client.
          This has two advantages:
          1. Your filenames will not be sent to the client and ara therefore not
          visible.
          2. Just trying to submit random other values will not work, as there is
          no hash defined for them. So they can not be translated to a file.

          Best regards

          Brian Huether wrote:
          I have a function that serves audio as a stream. I don't want people to see
          the filename. But I am using urls of this sort:
          >
          audio.php?op=se rveaudio&file=w ww.somefile.mp3
          >
          1) How can I encrypt www.somefile.mp3 and then reconstruct it?
          >
          2) How should I really be doing this? Should I be putting the file name into
          a server variable? If so, what would that syntax be?
          >
          thanks,
          >
          brian
          >
          >

            Comment

            Previous template Next
            Working...