MD5 hashes. Do they obfuscate the URL?

  • Resolved kingofmycastle

    (@kingofmycastle)


    8 years, 6 months ago

    Hi, I was hoping I could find an easy way to obfuscate the URLs of the downloads and I thought turning on MD5 Hashes would do it.

    It would be great if the URL to a file was like:
    …com/download/6e7ba294bbc119fe5eef4c53da574a0c

    At the moment they are like:
    …com/download/58

    The reason for this is that I will be having a few different groups logging onto the site and I wouldn’t want them to start to try and guess the filenames of downloads that appear on other restricted pages.

    Does the MD5 hash just change the way the file is stored on the database?

    Thanks!

    John

    https://www.ads-software.com/plugins/download-monitor/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter kingofmycastle

    (@kingofmycastle)

    I’ve fixed the obfuscation by doing the following:

    1. In the content-download.php file created in my theme I use this PHP to create the button and Base64 encode the url:

    <?php $url = $dlm_download->get_the_download_link(); ?>
<div class="download-button" data-url="<?php echo base64_encode($url); ?>">Download File</div>

    2. Use Javascript to change the link on a click. (I added a Base64 js library to my site first which is where the Base64 variable comes from)

    $('.download-section .download-button').on('click', function(e) {
	var encodedString = $(this).data('url');
	var decodedString = Base64.decode(encodedString);
	e.preventDefault();
	window.location.href = decodedString;
});

    Hope that helps somebody looking for a simple, if not actually secure, way of hiding file uploads between groups.

    Looking for the same thing, but I’d like a better solution without js

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘MD5 hashes. Do they obfuscate the URL?’ is closed to new replies.

Tags