Encrypting URI Segments
#21

[eluser]dblackherod[/eluser]
NOOOooo @CroNiX... you're so wrong. You'll eat your own words soon enough, friend... Smile
#22

[eluser]CroNiX[/eluser]
I don't need to. The excitement in this thread is only coming from you. Not a single person agreed with your approach. But, what do we know...
#23

[eluser]dblackherod[/eluser]
If all the excitement is coming from me, then that is all I need to make this "sick fantasy" a reality. Besides, the human mind once stretched by one idea can never remain the same again!
#24

[eluser]srpurdy[/eluser]
[quote author="dblackherod" date="1332231096"]Alrighty people... so you all think this is a stuuuupid idea right?

What happens when I use an encryption mechanism that uses my own secret key?!

Anyways I'm proceeding with my cause and I'll have it up on github for anyone who needs that functionality for their applications.

Maybe then, I'll do a downloads count and gloat when it burns out the rooftop... :lol:

This would be soon enough 'cos people I am really close. I'm just using Base64 for proof-of-concept but believe me... when it's done and we use a 128-bit encryption algorithm, then it'll be something worth using.

Thanks people for the thread build... CI sure has appdev rocking steady. ;-)[/quote]

I guess that depends where you store this information, but even so. A good majority of hosts for example don't protect cross site file reading with Apache (symlink). All it would take is someone to read a config file or look at your library to figure out the encryption. This is how a majority of WordPress sites get hacked, they read the database config file. And most people are not smart enough to chmod those files 600 permissions.

Using encryption as 1 layer and still having server side backend code that will protect your system even if the encryption is cracked is what should be done. But I guess that defeats the purpose you have which is a "lazy" approach to building a website system. You can never assume a user visiting your site isn't going to try to crack it.

I spend a lot of money on server security as well as try to write secure code within my current knowledge. Sites with over a million hits get hammered by bad traffic. Sites with low traffic 75% of the traffic they get is bad traffic. Security is a multi layered thing. Cutting corners at least if you want people to take you seriously in this business is not going to help you in the long run.

But like I said that doesn't mean an encryption library like you want to make doesn't have a use. It does. It just should not be used as a way around protecting your application.
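
The layering described in the post above, as an added sketch that is not code from any poster in this thread: an opaque, tamper-evident URI segment with a server-side ownership check that still runs after the segment decodes cleanly. It assumes PHP 7.1 or later; the key, function names and records are all constructed for illustration.

```php
<?php
// Added illustration: the key, names and records below are constructed.
const SEGMENT_KEY = 'constructed-demo-key';

function encode_segment(int $id): string
{
    // An HMAC tag makes the segment tamper-evident; it does not hide the id.
    $tag = hash_hmac('sha256', (string) $id, SEGMENT_KEY);
    return rtrim(strtr(base64_encode($id . '.' . $tag), '+/', '-_'), '=');
}

function decode_segment(string $segment): ?int
{
    // Restore the padding stripped by encode_segment before decoding.
    $padded = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false || substr_count($raw, '.') !== 1) {
        return null;
    }
    list($id, $tag) = explode('.', $raw);
    if (!ctype_digit($id)) {
        return null;
    }
    // Constant-time comparison of the recomputed tag with the supplied one.
    $expected = hash_hmac('sha256', $id, SEGMENT_KEY);
    return hash_equals($expected, $tag) ? (int) $id : null;
}

function can_view_invoice(int $userId, string $segment, array $owners): bool
{
    $id = decode_segment($segment);
    if ($id === null) {
        return false; // malformed or altered segment
    }
    // The ownership check runs no matter how the id reached the server.
    return isset($owners[$id]) && $owners[$id] === $userId;
}

$owners = [101 => 7, 102 => 8];   // constructed: invoice id => owning user id
$link   = encode_segment(101);    // link issued to user 7

var_dump(can_view_invoice(7, $link, $owners));       // the owner
var_dump(can_view_invoice(8, $link, $owners));       // intact link, different user
var_dump(can_view_invoice(7, $link . 'x', $owners)); // altered segment
```

The second call is the case the post is about: the segment is intact and decodes correctly, and access is still decided by the ownership lookup rather than by the fact that the URL was unreadable.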
#25

[eluser]John Murowaniecki[/eluser]
[quote author="aquary" date="1332218550"]"Unreadable" doesn't mean "Inaccessible"....
The case here sounds like this to me:

A: "Hooray, I got Javascript validation on the form before submitting them. No more server side validation!! LOL"
B: "What happens if I disable javascript?"
[/quote]

It all makes much more sense now. Not?! Hehehehe.





[quote author="dblackherod" date="1332288376"]If all the excitement is coming from me, then that is all I need to make this "sick fantasy" a reality. Besides, the human mind once stretched by one idea can never remain the same again![/quote]



NO, dude. Don't do this. Don't lose your time with _remap and codification. This isn't the way..



This week I took a freelance job in CodeIgniter so messy that you would fall from the chair only to see: sql, html, css and js within the controllers, abuse and even _remap a bidding session for validation of security tokens - gasp: fixed (yes, you sets the value of the token is a string that, if the user does not change anything, it makes accessing what should otherwise activates a series of shots of paranoid emails pro administrator).

As I just did budget for integration with a payment system that does not mecherei bomb - in fact I have avoided even LOOK the operation of that crap.

So this appeal is, young man: DO NOT DO THIS to yourself or with us - because there will come a day that will be left for another programmer to fix the mistake you made.
#26

[eluser]dblackherod[/eluser]
Hi folks...

Been a while since I checked this thread. Glad to say that I did get the uri segments encryption working after all. Feels good I have to say, especially when it's an extra security layer for obfuscating URI segments.

Having said that, I'm starting a new topic which I believe would spark some interest again. You can search for "Multiple Resource Loading in CI" to check it out.



