
Say I have one form that changes its content (fields and options) based on the user's current state in a multi-state process. Say that it always leads to the same action, which means the action needs to figure out what event occurred and on which entity.

<form action='/somecontroller/someaction' method='post'></form>

What is the most common way of transferring this sensitive data to the controller? I'm reluctant to even suggest hidden fields, as those can be changed by anyone. Two way encryption of some sort which is then decrypted in the action and used to determine the rest, server-side? Perhaps serialize sensitive info, encrypt it, and put it in a single hidden field on the client side of the form, then decrypt and unserialize in the controller?

<?php

// Sketch from the question: one hidden field carries the encrypted, serialized
// state; the controller decrypts it and merges the result with the other fields.
// ($this->decrypt and SALT are the asker's placeholders.)
$hiddenData = unserialize($this->decrypt($_POST['hiddenData'], SALT));
unset($_POST['hiddenData']);
$data = array_merge($hiddenData, $_POST);
...

Basically - how do I send some data with a form securely without exposing it to outside alterations, that is, making sure nothing can go wrong if it is altered? Is there some kind of best practice regarding this?

1 Comment

    You do this with a server-side session store, e.g. $_SESSION. The only thing that's shared then publicly is the session identifier (session_id()), but all data in that session store is kept server-side. Commented Mar 13, 2012 at 12:31

2 Answers


You never send that data to the client at all.

Store it server-side within the session management capability (for PHP, you can access that using the $_SESSION variable) and only send the session token (long random number, PHP has routines for generating/maintaining good session identifiers as well) to the client (typically done in the form of a cookie). For keeping track of data in a multi-step process (including the state that the user is in), you never want to expose that to the client.


1 Comment

Would this not enable the user to pollute the session info with extra useless information if he was in two different states at once (and thus able to perform two events separately, perhaps in two different views?)
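The session-backed approach from this answer, worked through as an added example (this is not code from the answer or from the asker's project). It keeps each multi-step flow in $_SESSION under its own random flow id, so the browser only ever sends that opaque id, the controller derives the entity and the current step from the server-side record, and two flows open in two tabs do not interfere with each other, which addresses the concern in the comment above. The step names, field lists, the `/somecontroller/someaction` route and the `commit()` persistence stub are assumptions for illustration.

```php
<?php
// Added example (not from the original answer): keep the multi-step state in
// $_SESSION and send the browser only an opaque, per-flow id.
// Assumes PHP >= 7 with sessions enabled; step names and fields are invented.
declare(strict_types=1);

session_start();

// Ordered steps of the process and the fields each step's form contains.
const STEPS = [
    'choose_plan'   => ['plan'],
    'enter_billing' => ['card_holder', 'postcode'],
    'confirm'       => [],
];

/** Start a flow for one entity; returns the random id the form will carry. */
function startFlow(int $entityId): string
{
    $flowId = bin2hex(random_bytes(16));      // 128-bit unguessable id
    $_SESSION['flows'][$flowId] = [
        'entity' => $entityId,
        'step'   => 'choose_plan',
        'data'   => [],
    ];
    return $flowId;
}

/** Render the form for the flow's current step; only the flow id crosses the wire. */
function renderForm(string $flowId): string
{
    $flow = $_SESSION['flows'][$flowId] ?? null;
    if ($flow === null) {
        throw new RuntimeException('unknown flow');
    }
    $html  = "<form action='/somecontroller/someaction' method='post'>\n";
    $html .= "<input type='hidden' name='flow' value='"
           . htmlspecialchars($flowId, ENT_QUOTES) . "'>\n";
    foreach (STEPS[$flow['step']] as $field) {
        $html .= "<input name='" . $field . "'>\n";
    }
    return $html . "<button>Next</button>\n</form>\n";
}

/**
 * Controller action. The event and the entity come from the server-side flow
 * record, never from the POST body. Returns the step the flow is now in.
 */
function handlePost(array $post): string
{
    $flowId = $post['flow'] ?? '';
    $flow   = $_SESSION['flows'][$flowId] ?? null;
    if ($flow === null) {
        throw new RuntimeException('unknown or expired flow');
    }
    $step = $flow['step'];
    // Accept only the fields this step defines; ignore anything else sent.
    foreach (STEPS[$step] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new RuntimeException("missing field $field for step $step");
        }
        $flow['data'][$field] = $post[$field];
    }
    $order = array_keys(STEPS);
    $pos   = array_search($step, $order, true);
    if ($pos === count($order) - 1) {
        // Final step: commit, then discard the flow so the form cannot be replayed.
        commit($flow['entity'], $flow['data']);
        unset($_SESSION['flows'][$flowId]);
        return 'done';
    }
    $flow['step'] = $order[$pos + 1];
    $_SESSION['flows'][$flowId] = $flow;
    return $flow['step'];
}

/** Placeholder for real persistence; the entity id came from the session. */
function commit(int $entityId, array $data): void
{
}
```

Because the flow record lives server-side, a client that edits the posted fields can at most supply bad values for the current step's inputs; it cannot change which entity or which step the action applies to. Deleting the record on commit also gives the final step single-use semantics for free.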

Interesting question. What I would do is a combination of the following (if sessions are not a solution for you):

  1. employ an AES_256 / modified AES_256 crypt/decrypt on a serialized representation
  2. make a MD5 + SALT (or similar) hash of the variables that you could compare with a stored hash to determine if any manipulation took place
  3. use something like the user's IP as SALT to generate the hashes or for the crypt functions, thus if a user's IP should change you'll know that (beware: an IP address might change under some circumstances)

4 Comments

I like this option, sessions might be troublesome (see comment on other answer), and I'm not a fan of checking every single post param and every single open state of an object to determine which event to trigger on a certain state. I'll give this a go and see how it turns out, this is how banks do stuff, right? Hashing the info and comparing and decrypting it server-side after submission...
well mainly they use SSL in the first run, everything beyond that is strongly dependent on the bank and country... however, AES256 is the cipher approved by the National Security Agency (NSA) for top secret information, so it should be sufficiently secure for your use :)
I went with this, and will report back with better findings if I come across them. I will definitely try the sessions solution as well, but I like this the most because it enables my entities to have multiple states with identical params without triggering two identical states at once after submitting.
Maybe my answer to another question here might be also interesting for you, take a look at it... stackoverflow.com/questions/9708989/…
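A worked version of the stateless hidden-field approach this answer describes, added here as an example (not code from the answer or from the asker's project). It differs from the answer's recipe in two ways, both deliberate: the serialized state is encrypted with AES-256-GCM, an authenticated mode, so tampering is detected by the cipher itself without a separate MD5-plus-salt hash, and nothing is derived from the client's IP address. It also uses JSON rather than serialize()/unserialize(), so a token that somehow passed authentication still could not instantiate arbitrary objects on the way back in. Everything uses only openssl_* and json_* from the PHP standard library; the key, the state fields and the 15-minute lifetime are assumptions for the demo.

```php
<?php
// Added example (not from the original answer): hidden-field state sealed
// with AES-256-GCM. The tag authenticates the ciphertext, so any modification
// of the hidden field makes openssl_decrypt() return false.
// Assumes PHP >= 7.3 with the openssl extension.
declare(strict_types=1);

const STATE_TTL = 900; // seconds a form token stays valid (assumed)

/** Serialize, time-limit and encrypt the server-chosen state for a hidden field. */
function sealState(array $state, string $key): string
{
    $state['exp'] = time() + STATE_TTL;
    $plain  = json_encode($state, JSON_THROW_ON_ERROR); // JSON, not serialize()
    $iv     = random_bytes(12);                         // fresh 96-bit nonce per token
    $tag    = '';
    $cipher = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, '', 16);
    if ($cipher === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $cipher);
}

/** Verify and decrypt a token; null means tampered, expired or malformed. */
function openState(string $token, string $key): ?array
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 12 + 16 + 1) {
        return null;
    }
    $iv     = substr($raw, 0, 12);
    $tag    = substr($raw, 12, 16);
    $cipher = substr($raw, 28);
    // Returns false when the GCM tag does not verify (any flipped bit).
    $plain = openssl_decrypt($cipher, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return null;
    }
    $state = json_decode($plain, true);
    if (!is_array($state) || !isset($state['exp']) || $state['exp'] < time()) {
        return null;
    }
    unset($state['exp']);
    return $state;
}

// Self-check when run from the CLI.
if (PHP_SAPI === 'cli') {
    $key   = random_bytes(32); // constructed for the demo; a real app keeps one persistent key
    $token = sealState(['entity' => 42, 'event' => 'approve', 'step' => 2], $key);

    // Controller side: a constructed POST body, including an attempt to
    // override the entity with a plain form field.
    $post  = ['hiddenData' => $token, 'comment' => 'looks good', 'entity' => '1'];
    $state = openState($post['hiddenData'], $key);
    assert($state !== null);
    unset($post['hiddenData']);
    // Sealed state is merged LAST so a posted 'entity' cannot override it.
    $data = array_merge($post, $state);
    assert($data['entity'] === 42 && $data['comment'] === 'looks good');

    // Flip one bit inside the token: authentication fails, nothing is trusted.
    $bad     = base64_decode($token, true);
    $bad[20] = chr(ord($bad[20]) ^ 0x01);
    assert(openState(base64_encode($bad), $key) === null);
    echo "ok\n";
}
```

Two caveats a practitioner should keep in mind. First, the merge order matters: merging the authenticated state last means a plain POST field can never shadow a sealed value, whereas merging it first lets the client overwrite anything it guesses the name of. Second, a sealed token is tamper-proof but not single-use; within its lifetime the same token can be resubmitted, so if the action must not run twice, the server still needs a session or a nonce table to record which tokens have already been consumed.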
