2

I'm trying to figure out a way to program a function that will de-obfuscate a plain text url.

Something like this:

<input type="hidden" value="kjgajkwe@#jktGAkjgWjkajskd" name="obsfucatedString" />

Then in the processing of that form I want to De-Obsfucate it:

$url = deObfuscate($_POST['obsfucatedString']);
so $url would become something like:
$url = 'http://domain.com/filename.zip';

Is something like that even possible?

I'm trying to hide the url from plain programmer sight.

I guess I would need to write something that would obsfucate the string as well

so

$obsfucatedStringURL = obsfucate('http://domain.com/filename.zip');
Bart
  • 19,692
  • 7
  • 68
  • 77
Talon
  • 4,937
  • 10
  • 43
  • 57
  • http://php.net/manual/en/book.mcrypt.php + http://nz.php.net/manual/en/function.base64-encode.php – zerkms Apr 23 '12 at 23:57
  • Are you trying to mask the URL from a Developer with the PHP source code or the End User? because the instant you need the browser to load the unobstructed URL, you've lost what you're trying to achieve. If you're just trying to come up with a mechanism of data storage with a bit of security from the End User, could you use PHP sessions? – Scuzzy Apr 24 '12 at 00:08

2 Answers2

6

Encrypt the URL with a password stored on the server (a good algorithm to use is AES), then decrypt it when you need to obtain the value. A problem with this is that the encrypted string will not be composed of printable characters. To get around this, use base64_encode() to convert the binary encoded string to printable characters that can be added as a value in the <input> field, then use base64_decode() to get back the original value on the server.

rid
  • 61,078
  • 31
  • 152
  • 193
  • Performance-wise, this is not the best option when the data is not sensitive (enough). Transforming the bas64 string into something un-decodable, with something like strtr would be cool. Problem with strtr is, it operaters in serial order. Transforming base64 chars into all different url-safe characters, would be nice – twicejr Nov 14 '13 at 23:04
3

There are many ways of encoding and reversing a plain text string. An simple way to obfuscate your string is by using the str_rot13 function once to encode and once again to decode (note: this will not give you any cryptographic security). I'd suggest encrypting using AES using a secret stored on the server to encrypt and decrypt. The following thread's answer defines functions for encrypting/decrypting that you can use.

PHP AES encrypt / decrypt

Another approach that might be worth considering vs. obfuscation is to store the URL server side as part of the user's session or persisted in a database. Then instead of sending an obfuscated string down, use a key that performs a lookup to retrieve the URL.

Community
  • 1
  • 1
David Z.
  • 5,621
  • 2
  • 20
  • 13