encrypting url passed variables

[arcana_x]

Hi All,

i know its a good idea to pass variables using sessions.
But take this simple instance for example:

an un-subscribe button on the bottom of a junk email which everyone has seen, unencrypted would be something like:
unsubscribe.php?user_id=1

You couldnt pass that through a session?
obviously anyone could go through every number and unsubscribe everyone.

in reality, these are encrypted at the bottom of junk emails, so you cant just un-subscribe everyone.

There are a number of ways to encrypt this, but what is the best method with regards to what you store and reference to in the database also.

If you use hashed user_id's wouldnt your database grow in size dramatically? compared to numbers. also if you do store hashed user_id's what creates the user id if you dont use an auto_incremented int column? are they created randomly? howabout if you get a duplicate?

its just a little blurry in my head at the moment, ive never needed to encrypt variables passed via a url before, so if someone could give me a hint, it would be cool.

bearing in mind i dont want my database to grow 10 times larger just because i want to protect one little passed variable! there must be a simple solution that everyone uses?

please, tell me if im thinking about this in completely the wrong way. lol

[MikeBigg]

One approach I might take: if the link at the bottom of the email contained a number of bits of data encrypted in a way that can be decrypted, you don't need to store anything different in the database - your script can extract the info needed to select the correct email record.

For example: you could send the email id, the newsletter edition, a random number and a checksum.

This might look like: 1003|2007017|161514|P

encrypted might look like: agtbgdtferdsewsjhiyuhgtf

your unscubscribe link would add that string as a parameter.

When someone clicks on the link, the unsubscribe script decrypts the string, checks the check character is right, then unsubscribes the user 1003 and logs that the user unsubscribed because of something you wrote in the 17 edition of 2007.

Make sense?

Mike

[markl999]

Another popular way is to use a link such as unsubscribe.php?email=whatever&id=32charactermd5here

Where 32charactermd5here is an md5() of the email address + somesecretkey

[arcana_x]

I like that idea Mike, seems a nice systematical approach.

Both seem like good methods! for the method you mention Mark, you would need to store that 32charactermd5 within the database along side the user info i guess?

[markl999]

for the method you mention Mark, you would need to store that 32charactermd5 within the database along side the user info i guess?

Nope. As the url contains the email address and the hash you just need to md5(email address + secret key) and it should equal the hash.

[arcana_x]

ahh gotcha!!

Might give them both a little try and see how they pan out

Thanks for the tips, its alot less blurry now lol

[tbakerisageek]

What an element solution Mark.