Re: encrypting a string (and server varaibles)

From: Dikkie Dik <nospam@xxxxxxxxxx>
Date: Sun, 03 Dec 2006 16:57:49 +0100

First, use a session.
For each file you make accessible to the client, create a hash and store the (hash, filename) pair in the session. Use the hashes for communication with the client.
This has two advantages:
1. Your filenames will not be sent to the client and ara therefore not visible.
2. Just trying to submit random other values will not work, as there is no hash defined for them. So they can not be translated to a file.

Best regards

Brian Huether wrote:

I have a function that serves audio as a stream. I don't want people to see the filename. But I am using urls of this sort:

audio.php?op=serveaudio&file=www.somefile.mp3

1) How can I encrypt www.somefile.mp3 and then reconstruct it?

2) How should I really be doing this? Should I be putting the file name into a server variable? If so, what would that syntax be?

thanks,

brian

References:
- encrypting a string (and server varaibles)
  - From: Brian Huether

Prev by Date: Re: php 5 classes: public, protected and private
Next by Date: Re: php trim
Previous by thread: Re: encrypting a string (and server varaibles)
Next by thread: simpleton classes
Index(es):
- Date
- Thread

Relevant Pages

Re: Socket Server with Encryption help
... After reading your post I got a very strong suspicion that regardless of your saying that you read "a lot of papers about Symmetric, Asymmetric, Hash, Envelope and Signature" you didn't read even distantly enough to be able to implement something even distantly secure. ... The classical paper on three party authenticated protocols design was written by Needham and Schroeder "Using encryption for authentication in large networks of computers" in 1978, where they described several protocols, one of witch was modified, strengthened and extended a bit later to become what is now known as Kerberos. ... I've started to develop a server and client socket classes with encryption. ...
(microsoft.public.dotnet.security)
Re: Custom Authentication with WSE 2.0
... Get the Client to hash the password before sending the password over. ... Based on the custom handler in web.config Wse instantiates the custom ... to encrypt the passwords (the username for example), so that way I can come ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: Webservice or not Advice
... Http is not a guarantted protocol though. ... longas the client does the same) as a aecondary argument. ... also calculate a hash value once the dataset is received. ... I'm wondering since im calling up a webservice to pass a ...
(microsoft.public.dotnet.distributed_apps)
Troubleshooting the client program
... Below is my client program...I put all the filenames in a directory ... the difference between 2 files by counting line and insert differ lines ... #list all the filename in the sampleStorage into filename.log ... #the autoflush method is used on the socket because otherwise the ...
(perl.beginners)
Re: Reusable source code
... But often one encounters ... Mid Level -- FREQUENT FUNCTION ... This does have the cost of making the client write ... One example is the hash table library that I use in PSPP, ...
(comp.lang.c)