tags:

views:

46

answers:

2

Hello! I just want to ask how to encode a URL or hide confidential information from being displayed in the browser, e.g.

 <a href="path/profileId/<?php echo $this->data['profile_id']; ?>">Edit</a>

I don't want the profile ID to be displayed in the browser. Is there any function or method in Zend or PHP to accomplish this task? And how can I use it?

I am a newbie in Zend so I have no idea.. is there any template which provide

Thanks in advance

A: 

I suppose you will need the ID in some form or another on the /path/profileId/ page, otherwise you won't know which profile to display, right? If that's the case, it's impossible to completely hide it.
You could use a POST request instead of a GET request so the ID won't show up in the URL, but it'll still be visible in the HTML and the request body if you know where to look.

The real question is, why is a profile_id confidential to begin with? If somebody is able to do something bad just by knowing an identifier, your system has a huge problem.


You could of course encrypt the information before sending it and decrypt it on the receiving end, but that seems pretty nonsensical. The typical way would be to simply pass tokens that are by themselves worthless, but allow you to resolve the real data on the backend. The prime example of this is a Session, another is passing the ID of a record and retrieving the related record, including confidential information, from the database.

deceze
Yup :( .. but is there any other method to pass the ID? Or to not show the contents in the URL? :(
Richa
@Richa If the ID needs to be part of the request, then no.
deceze
A: 

Hi,

You can use obfuscation for it. XOR the ID before echoing it out, XOR it back when handling the GET request.

But you should have access controls anyway: is this user allowed to open this link?

Rufinus
Yeah, the user is allowed to open this link.. but when the id is pass.. I don't want to display it in the browser with the URL
Richa
@Richa Why would the id be a password? Unless the user chose an id that is also her password, in which case you can't protect against user stupidity.
deceze
@deceze this was a simple example.. in my case I have lots of parameters to pass.. and it looks odd when it is displayed with the URL :(
Richa
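
Added example, not part of either answer and not Zend Framework API: the opaque-token approach from the first answer combined with the access check the second answer asks for. `issueRef`, `resolveRef`, `canEdit` and the `$session` layout are hypothetical names, and the array stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);

/** Issue an opaque, per-session reference for a real record ID (hypothetical helper). */
function issueRef(array &$session, int $profileId): string
{
    // Reuse an existing reference so the same link stays stable within the session.
    $existing = array_search($profileId, $session['refs'] ?? [], true);
    if ($existing !== false) {
        return (string) $existing;
    }
    // 128 random bits: unlike an XOR-ed ID, the value carries nothing that can be reversed.
    $ref = bin2hex(random_bytes(16));
    $session['refs'][$ref] = $profileId;
    return $ref;
}

/** Resolve a reference back to the ID; null if this session never issued it. */
function resolveRef(array $session, string $ref): ?int
{
    return $session['refs'][$ref] ?? null;
}

/** The access decision is made on the server, whatever the URL shows. */
function canEdit(array $session, int $profileId): bool
{
    return in_array($profileId, $session['editable_profiles'] ?? [], true);
}

// Constructed sample data standing in for $_SESSION after login.
$session = ['user_id' => 7, 'editable_profiles' => [42]];

// View: the link carries the reference in place of the profile ID.
$ref = issueRef($session, 42);
echo '<a href="path/profileId/' . htmlspecialchars($ref, ENT_QUOTES) . '">Edit</a>', PHP_EOL;

// Controller: resolve first, then authorize before touching the record.
// 'deadbeef' is a constructed value that this session never issued.
foreach ([$ref, 'deadbeef'] as $incoming) {
    $id = resolveRef($session, $incoming);
    if ($id === null || !canEdit($session, $id)) {
        echo "403 for $incoming", PHP_EOL;
        continue;
    }
    echo "editing profile $id", PHP_EOL;
}
```

The reference only tidies the URL; the `canEdit` check is what protects the record, and it is needed even when the plain ID is passed.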