This is a patch which enables PHProxy to use URL encryption. The key can be either a static key, the hostname, or a randomly-generated session key. This requires mcrypt to work.
Session keys have several benefits - provided cookies aren't logged server side, it's not possible to reconstruct what URLs were visited. Also, once the browser is closed, the history should be unusable client side. Encryption is handled through a wrapper I wrote for a framework - it can detect malformed cyphertext, and is designed to resist attacks and cryptanalysis.
I also fixed an issue where PHP was compiled without support for the ctype_alnum function, and made a few modifications to both increase the number of configurations this will run on (SCRIPT_URL and PHP_SELF support) and allow this to run under a directory without the /index.php as part of the URL.
Note: The encryption handler uses exceptions, which are a PHP5 feature. It may be possible to get this to work under PHP4 by removing them; however, this has not been tested.
Log in to post a comment.