Encrypting POST data in YII

Question

How can I encrypt the post method data from VIEW in YII? Also is this is a good way to write such a function? It should encrypt POST data in VIEW that is sent to - and decrypted in - the controller.

'buttons' => array(
            'Edit' =>array(
                //'label' => 'Edit',
                'url' => 'Yii::app()->createUrl("Controller/Action",array("doc_id"=>$data->id))',
            ),

When the button is presed, i want to encrypt "doc_id" and sent to controller for further action where the encrypted data is again decrypted. The URL looks something like this..

projectName/ControllerName/actionName/a2ewe34r44rf454r

But I don't know where to write the function.

If you're worried about the visibility of URLs between the server and the client, then use SSL - a much easier way to preventing eavesdropping. — halfer, Dec 21 '12 at 14:25

score 2 · Answer 1 · answered Dec 22 '12 at 10:56

2

Encryption needs to be handled at the transport level.

Configure your web server to use SSL (HTTPS). This will be completely transparent to your PHP so you don't need to modify your code at all.

answered Dec 22 '12 at 10:56

Quentin

914,110
126
1,211
1,335

score 0 · Answer 2 · answered Dec 21 '12 at 10:45

0

It is a useless thing.
If you are going to encrypt data with client-side javascript function, note that this function with it's encryption logic will be available to anyone.
So there will be no sense of this encryption.
Everyone who loads the page will be able to view your page source and look how encryptData() works.
So I think that client-side encryption with javascript will not give you any profit.
A man who is able to get data transmitted by the network will be also able to get your JS function content.

answered Dec 21 '12 at 10:45

Bogdan Burym

5,482
2
27
46

I want to encrypt the active record content. – tnchalise Dec 21 '12 at 10:52
Actually i want to encrypt the data or say id or any other attribute from table entry. That means server side. – tnchalise Dec 21 '12 at 11:01
@TNC You want to encrypt form data when it is submitted before sending it to the server? – Bogdan Burym Dec 21 '12 at 11:07
Client-side encryption could at least give some headaches for the rev-engineer, but encrypting for transport is a really good thing! – CSᵠ Dec 21 '12 at 11:22
@godka No headaches if you have the encryptyion algorithm. And in this case we do. – Bogdan Burym Dec 21 '12 at 11:25
@godka Why you will use an encryption which can be decrypted by anyone? doesn't make any sense. – itachi Dec 21 '12 at 11:38

score 0 · Answer 3 · edited May 23 '17 at 12:04

0

If you need to encrypt id or say mobile no in url, you create your own encryption function, but it will only be anonymous if you encrypt data using variable salts. Check here for salt encryption help. Thanks.

edited May 23 '17 at 12:04

Community

1
1

answered Dec 22 '12 at 17:47

Coder anonymous

917
1
8
25

In MVC, where the function goes? I have id or something that is taken form the users choice that actually comes from active record, and i want to pass that into controller where the decryption will be done. But am confused in the sense that generally in view no any functions are written.? Any clues?? – tnchalise Dec 22 '12 at 18:27

Encrypting POST data in YII

3 Answers3