We would like to obfuscate all or part of our URL's. I know that this is sometimes done with rewrite engines within a specific CMS like Joomla or Drupal, but aMember is doing this for us. Our first need would be to obfuscate the URL's for things like the membership sign up page, for which we use price groups. The price groups are right in the URL. A savvy user can manipulate these variables easily and see what else is out there. The second need in general, and I think a nice enhancement would be for the rewrite engine to generate encrypted URL's. I know there is alot to think about here, but I am wondering if anyone else has these concerns/needs, and if there are any solutions out there?
@lushtech: You can have a mix of both positive and negative numbers of any length for a price_group. Doesn't that allow for a sufficient level of security assuming an admin sets price_groups long enough and non sequentially? Unless you're making links user / session / time specific, it seems any obfuscation of the URL can be gamed either by search index culling or even user<->user propagation.
Skippy, Good point on the numbers. Before going into a plan wanted to see if there were any neat implementations out there. We will definitely go with a complex number scheme. I was definitely seeking a solution that would obfuscate with session variables and time as you would find in an enterprise framework. I figured someone may have created an add on that I had not seen before. If nothing comes to mind, then thanks for considering it and we may look at building something in the future.
If your only concern is the signup page you could certainly extend it to support/require base64 encrypted URLs. Thinking it would be easy enough to encrypt the URL using admin only encode function Code: urlencode(base64_encode($url)); modify signup page to include decode before parsing parameters Code: base64_decode(urldecode($url));