Recipe 14.3 Obscuring Data with Encoding
14.3.1 Problem
You
want to prevent data being viewable as
plaintext. For example, you don't want hidden form
data to be revealed simply by someone viewing the source code of a
web page.
14.3.2 Solution
Encode the data with base64_encode(
):
$personal_data = array('code' => 5123, 'blood_type' => 'O');
$info = base64_encode(serialize($personal_data));
print '<input type="hidden" name="info" value="'.$info.'">';
<input type="hidden" name="info"
value="YToyOntzOjQ6ImNvZGUiO2k6NTEyMztzOjEwOiJibG9vZF90eXBlIjtzOjE6Ik8iO30=">
Decode the data with base64_decode(
)
:
$personal_data = unserialize(base64_decode($_REQUEST['info']));
get_transfusion($personal_data['blood_type']);
14.3.3 Discussion
The Base64 algorithm encodes data as a string of letters, numbers,
and punctuation marks. This makes it ideal for transforming
binary data into a plaintext form
and also for obfuscating data.
14.3.4 See Also
Documentation on base64_encode( ) at http://www.php.net/base64-encode and
base64_decode( ) at http://www.php.net/base64-decode; the Base64
algorithm is defined in RFC 2045, available at http://www.faqs.org/rfcs/rfc2045.html.
|
