encrypting a string (and server varaibles)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have a function that serves audio as a stream. I don't want people to see  
the filename. But I am using urls of this sort:


1) How can I encrypt www.somefile.mp3 and then reconstruct it?

2) How should I really be doing this? Should I be putting the file name into  
a server variable? If so, what would that syntax be?



Re: encrypting a string (and server varaibles)

Hi Brian --

Perhaps you can kill two birds with one stone here.  I might suggest
creating a simple database table that associates a file with an ID
number.  This will help you achieve your goal of anonymizing the file
name by using an ID number in its place, and it helps to secure your
application by not accepting user input (anyone could change a filename
in the URL to exploit potential vulnerabilities in your script, but ID
numbers are harmless).  Your database could also be easily modified as
files are added or removed.

If it's not possible to use a database, another (less desirable)
approach might be to set up an array in the function that redirects the
user to the file that relates an index number with a filename.  Again,
when someone requests a particular file, you would be passing a number
to your script rather than a filename, achieving both goals.  This
would be harder to maintain if your file collection changes frequently.

I'm sure there are other ways to do this, so these solutions are by no
means exhaustive.  :)


Brian Huether wrote:
Quoted text here. Click to load it

Re: encrypting a string (and server varaibles)

First, use a session.
For each file you make accessible to the client, create a hash and store  
the (hash, filename) pair in the session. Use the hashes for  
communication with the client.
This has two advantages:
1. Your filenames will not be sent to the client and ara therefore not  
2. Just trying to submit random other values will not work, as there is  
no hash defined for them. So they can not be translated to a file.

Best regards

Brian Huether wrote:
Quoted text here. Click to load it

Site Timeline