02-19-2008, 05:52 PM   #4
DeMo

You can create your own "encryption algorithm", for example:
new_cartID = cartID * 13 + 7

Then to reverse back the number:
old_cartID = (new_cartID - 7) / 13

After creating the new cartID you could base64 encode it to store it in the cookie.
This example is too simple, but if your cartID was 10, the new_cartID would be 137. If you base64 encode 137 you get MTM3. A smart guy trying to manipulate the cookie could base64 decode it back to 137, but he doesn't know that 137 is not the real cartID.

This method won't eliminate the possibility of a person seeing the cart of another. If the smart guy changes his cookie to MTI0, your PHP script will decode it to 124, then convert 124 to 9 [(124-7)/13], which could be a valid cartID of another customer.

If you really want security then you should look for encryption algorithms like Blowfish, AES, DES, RC4.

RC4 is very simple, yet powerful, and should do the job for you.
You provide a password/key and the data and it returns the encrypted data; the only way to decrypt it is to RC4 it again using the same password/key. There are a lot of RC4 classes available for download, like this one.
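
Added example, not part of the original post: the post's cartID * 13 + 7 scheme next to a cookie that carries an HMAC-SHA256 tag, so the MTI0 edit described above is rejected instead of resolving to cart 9. HMAC is used here in place of the ciphers the post names because the problem shown is modification of the value; the key and function names are assumptions made for the illustration.

```php
<?php
// Added example, not code from the post. COOKIE_KEY is a constructed value;
// a real key is a random secret kept in server-side configuration.
const COOKIE_KEY = 'constructed-demo-key';

// The post's scheme: new_cartID = cartID * 13 + 7, then base64.
function obfuscate_cart_id(int $cartId): string {
    return base64_encode((string)($cartId * 13 + 7));
}

function deobfuscate_cart_id(string $cookie): int {
    return intdiv((int)base64_decode($cookie) - 7, 13);
}

// Tamper-evident form: "<cartID>.<HMAC-SHA256 of cartID>", base64 encoded.
function sign_cart_id(int $cartId): string {
    $mac = hash_hmac('sha256', (string)$cartId, COOKIE_KEY);
    return base64_encode($cartId . '.' . $mac);
}

// Returns the cart ID, or null when the cookie is malformed or was modified.
function verify_cart_cookie(string $cookie): ?int {
    $raw = base64_decode($cookie, true);
    if ($raw === false || substr_count($raw, '.') !== 1) {
        return null;
    }
    [$id, $mac] = explode('.', $raw);
    if (preg_match('/^[0-9]+$/D', $id) !== 1) {
        return null;
    }
    $expected = hash_hmac('sha256', $id, COOKIE_KEY);
    return hash_equals($expected, $mac) ? (int)$id : null;
}

// The post's case: the cookie for cart 10, and the edited cookie MTI0,
// which the obfuscation scheme accepts as another cart.
var_dump(obfuscate_cart_id(10), deobfuscate_cart_id('MTI0'));

// Same edit against the signed form: keep the MAC issued for cart 10 but
// swap the ID. verify_cart_cookie() rejects it because the MAC no longer matches.
$cookie = sign_cart_id(10);
[, $mac] = explode('.', base64_decode($cookie));
$forged = base64_encode('9.' . $mac);
var_dump(verify_cart_cookie($cookie), verify_cart_cookie($forged));
```

The signed value detects modification but does not hide the cart ID, which anyone can read by base64 decoding the cookie.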