Utility function to encrypt - decrypt string using AES symmetric algorithm that is compatible with crypto-js.
Harvesting data on the web has become an easy task.
Often, to obtain data stored into a database, a simple script loops on a numeric query parameter (called usually id) embedded into an URL and it donwloads a lot of useful data.
Last but not least, AJAX call contains a lot of information and, if unprotected, they can easily looped to obtain all their contents.
How to prevent these flaws? Maybe if the query string or the data is encrypted a lot of those scripts will not work...
How it works¶
The \CryptoParams\CryptoParams class provide methods to encrypt and decrypt strings using AES algorithm . This way query parameters (but also JSON responses) can be obfuscated and read only by the possessors of the encryption key.
If the parameter is only on query string, only the server can translate them (since the key is not exposed), avoiding obnoxious looping scripts that harvest the data.
|||AES is a symmetric encryption - decryption algorithm based on a 32 bytes shared key (and a shared Initialization Vector) that can obfuscate parameters and data.|