1

We have multiple sites and we have requirement to post values between them.

I am using phpseclib (http://phpseclib.sourceforge.net/) library for encryption-decryption.

After encrypting data, is it safe to POST on other website.

My working scenario is as follows:

Let's assume that I have a string that I need to post on example2.com from example1.com

First, at example1.com, I will encrypt the string using library provided functions. Then, encrypted string will be set as value for a hidden form field, which will post data to example2.com

Is it safe to POST encrypted value directly to example2.com? or should I make use of some encoding function like json_encode, or url_encode to encode encrypted data and make it safe for transaction between websites?

I-M-JM
  • 15,732
  • 26
  • 77
  • 103

2 Answers2

1

url encoding the message would probably break the decryption if ampersand, percent are part of the encrypted string.

Json encode is fine as long as it is decoded in the same manner to remove the escape sequences before decryption.

For php you'd make an key/value pair where your value is the encrypted string. This is some help on how to use PHP json encode.

how to use json_encode

There are two JSON methods in JavaScript any modern browser and IE8+:

JSON.stringify(obj) — converts an JavaScript object to a JSON string JSON.parse(str) — converts a JSON string back to a JavaScript object

if you need legacy IE support use https://github.com/douglascrockford/JSON-js

Community
  • 1
  • 1
FlavorScape
  • 13,301
  • 12
  • 75
  • 117
1

Base64 encode is pretty standard for posting binary data, Only 33 Percent overhead.

jbtule
  • 31,383
  • 12
  • 95
  • 128