Sept 20 2018
There may be a time when you feel that you must include sensitive data such as an email address, user name, user settings, etc. in the URL. Even though you really shouldn't, it is acceptable if you do it right and protect the information properly.
URLs such as these are generally bad and risk leaking information:
?email=someuseremail@domain.com
?first_name=tom&last_name=hanks&email=tomhanks@somedomain.com
Not only is this bad practice, but Google dislikes it as well. Information like this is described as personally identifiable information (PII), and its presence in URLs can cause Google to stop links/ads from running correctly.
OK, let's go ahead and dive into some of the ways of securing data in the URL, starting with using database user or data ids.
Suppose your application has a users table like this:
| id | username | email | password |
|---|---|---|---|
| 15615 | michael_scott1 | michael@scott.com | 5b525abbe... |
So, having this data, if you wanted to reference the user michael_scott1, you could use this URL:
?user=15615
This is the easiest way to reference data or users from the database; however, it has a major flaw: you are revealing the ids that are normally kept private within the database. Additionally, the public now knows that there is a user with an id of 15615, and if the display name is revealed somewhere, it is quite easy to tie together that michael_scott1 is 15615.
Overall, this is a terrible method and should never be considered; technically, there is nothing secure about this technique.
The next method, using tokens, is among the most common; it works well and is quite straightforward to implement. The URL includes some sort of token, and that token is also stored securely in the database, where it points to a specific data set or user.
A token can easily be created with just a hashing function. All a hashing function does is take a string of arbitrary size and convert it to a fixed-length string according to its algorithm. One of the core purposes of hashing is its one-way nature, meaning it is near impossible to go from the output back to the input. The following are all examples of hashing functions in PHP:
sha1(), md5(), hash()
What makes this method even more secure is that tokens can expire after a set time or be invalidated after a single use. In either case, you only create the token when you need it. As an example, if you are working with marketing emails and need to reference a single individual user from their email, this method works very well.
Let's take the user michael_scott1 again as an example. Before sending out the email for him, create the token for the user:
| id | username | email | password | token |
|---|---|---|---|---|
| 15615 | michael_scott1 | michael@scott.com | 5b525abbe... | 4cf7cbcec7dd81531f77fab1ea |
So now, if you need to securely reference michael_scott1 through a URL, you can use:
?user=43a018f1d4b1cd104b9056838c5b754c9639c51f
If it is a one-time-use token, be sure to create a new token the next time one is needed.
The third method, encrypting the value placed in the URL, is probably just as secure as the token method, but it has one big advantage: it saves processing time because no database lookup is required to resolve the URL parameter. Encrypting data for the URL and decrypting it later when you need it makes this method an ideal solution for high-traffic pages.
Basically, you call an encryption function whenever you need the URL value and, later, call the corresponding decryption function on that value to get back the original. This original value ultimately references the sensitive data in the database.
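The token method and the encryption method above, as one added PHP example that is not part of the original post. The `$db` array is a constructed stand-in for the users/tokens table, the function names and the AES-256-GCM choice are my own, and the key is generated on the fly only so the script runs stand-alone.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for a database table of tokens: token_hash => [user_id, expires_at]
$db = ['tokens' => []];

// --- Method 1: stored token that expires and is invalidated after a single use ---
function issue_token(array &$db, int $userId, int $ttlSeconds = 3600): string {
    $token = bin2hex(random_bytes(20));          // 40 hex chars of randomness, not a hash of the id
    $db['tokens'][hash('sha256', $token)] = [     // store only the hash, as you would a password
        'user_id'    => $userId,
        'expires_at' => time() + $ttlSeconds,
    ];
    return $token;                                // this value goes into ?user=...
}

function redeem_token(array &$db, string $token): ?int {
    $key = hash('sha256', $token);
    $row = $db['tokens'][$key] ?? null;
    if ($row === null || $row['expires_at'] < time()) {
        return null;                              // unknown or expired token
    }
    unset($db['tokens'][$key]);                   // single use: invalidate on first redeem
    return $row['user_id'];
}

// --- Method 2: encrypted id in the URL, no database round-trip to resolve it ---
function encrypt_id(int $userId, string $key): string {
    $iv  = random_bytes(12);                      // fresh nonce per value
    $tag = '';
    $ct  = openssl_encrypt((string)$userId, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    // URL-safe base64 of iv || tag || ciphertext, padding stripped
    return rtrim(strtr(base64_encode($iv . $tag . $ct), '+/', '-_'), '=');
}

function decrypt_id(string $param, string $key): ?int {
    $raw = base64_decode(strtr($param, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                              // malformed parameter
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    // A tampered value fails the GCM tag check and openssl_decrypt returns false
    return ($pt === false || !preg_match('/^\d+$/', $pt)) ? null : (int)$pt;
}

$key = random_bytes(32); // in a real app: a fixed secret loaded from config, never from the URL
$t = issue_token($db, 15615);
echo 'first redeem: ',  var_export(redeem_token($db, $t), true), PHP_EOL;
echo 'second redeem: ', var_export(redeem_token($db, $t), true), PHP_EOL;
$p = encrypt_id(15615, $key);
echo 'decrypt: ',  var_export(decrypt_id($p, $key), true), PHP_EOL;
echo 'tampered: ', var_export(decrypt_id($p . 'x', $key), true), PHP_EOL;
```

The stored hash means a leaked tokens table cannot be replayed, and the GCM tag means an altered `?user=` value is rejected rather than decrypted to a different id.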
OK, that's it! I hope this helped you understand more about the importance of securing data in the URL.