
Thank You.
Owing to these benefits, Magento 2 is becoming the most used platform in the E-commerce market.
Magento has the power to create unique, limitless, and engaging shopping experiences while simultaneously offering security, performance, out-of-the-box features, an unlimited ability to customize, and seamless third-party integrations.
Now, what if an unauthorized person finds the URL, passes the parameter, deletes all the records and products, and destroys our business!
http://127.0.0.1/mag242sample/deleteaccount/index/deleteacc/id/1/
Magento offers a secure platform for online shopping. However, Magento 2 stores also have to be secured against hacking attacks, since eCommerce sites are more likely to become victims of a targeted attack by hackers!
Also, do not forget to share the post with Magento Community via social media.
Method to Encrypt and Decrypt URL Parameter in Magento 2:
- Use the below code in the Helper.php file at app/code/Vendor/Module/Helper.
```php
<?php

namespace Vendor\Module\Helper;

use Magento\Framework\App\Helper\AbstractHelper;
use Magento\Framework\App\Helper\Context;
use Magento\Framework\Url\DecoderInterface;
use Magento\Framework\Url\EncoderInterface;

class Helper extends AbstractHelper
{
    const ENCRYPT = 1;
    const DECRYPT = 2;

    /**
     * Protected, because AbstractHelper already declares this property as protected.
     *
     * @var EncoderInterface
     */
    protected $urlEncoder;

    /**
     * @var DecoderInterface
     */
    protected $urlDecoder;

    public function __construct(
        EncoderInterface $urlEncoder,
        DecoderInterface $urlDecoder,
        Context $context
    ) {
        parent::__construct($context);
        $this->urlEncoder = $urlEncoder;
        $this->urlDecoder = $urlDecoder;
    }

    /**
     * @param string $url
     * @return string
     */
    public function encodeUrl($url)
    {
        return $this->urlEncoder->encode($url);
    }

    /**
     * @param string $url
     * @return string
     */
    public function decodeUrl($url)
    {
        return $this->urlDecoder->decode($url);
    }

    /**
     * @param int $action self::ENCRYPT or self::DECRYPT
     * @param string $string
     * @return bool|string false for an unknown action or when OpenSSL fails
     */
    public function encryptDecrypt($action, $string)
    {
        $output = false;
        // ECB is deterministic and unauthenticated: equal inputs give equal
        // tokens, and a modified token is not reliably detected.
        $encrypt_method = "AES-128-ECB";
        // Sample key only; use your own secret and keep it out of the code base.
        $secret_key = 'This is my secret key';
        $key = hash('sha256', $secret_key);

        if ($action == self::ENCRYPT) {
            $output = openssl_encrypt($string, $encrypt_method, $key);
        } elseif ($action == self::DECRYPT) {
            $output = openssl_decrypt($string, $encrypt_method, $key);
        }

        return $output;
    }
}
```
- To encrypt data
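```php
/**
 * @var \Meetanshi\Deleteaccount\Helper\Helper
 */
private $helper;

/**
 * @var \Magento\Framework\UrlInterface
 */
private $urlBuilder;

public function __construct(
    \Meetanshi\Deleteaccount\Helper\Helper $helper,
    \Magento\Framework\UrlInterface $urlBuilder
) {
    $this->helper = $helper;
    $this->urlBuilder = $urlBuilder;
}

public function encryptData()
{
    $encryptedParam = $this->helper->encryptDecrypt(
        \Meetanshi\Deleteaccount\Helper\Helper::ENCRYPT,
        '<parameter value>'
    );
    // Make the Base64 ciphertext safe to place in a URL path.
    $encryptedParam = $this->helper->encodeUrl($encryptedParam);

    // The helper exposes no public URL builder, so UrlInterface is injected above.
    $urlWithEncryptedData = $this->urlBuilder->getUrl('your route path') . 'id/' . $encryptedParam . '/';

    return $urlWithEncryptedData;
}
```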
After encrypting data, the URL parameter will display as shown below:
http://127.0.0.1/mag242sample/deleteaccount/index/deleteacc/id/RU5YVDdSaWllYnFMbm9zYSsyVEZFQT09
- To decrypt data
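```php
/**
 * @var \Meetanshi\Deleteaccount\Helper\Helper
 */
private $helper;

public function __construct(\Meetanshi\Deleteaccount\Helper\Helper $helper)
{
    $this->helper = $helper;
}

/**
 * @param string $encryptedParameterValue
 * @return bool|string false when decryption fails
 */
public function decryptData($encryptedParameterValue)
{
    $decryptedParam = $this->helper->decodeUrl($encryptedParameterValue);
    // Replace spaces with "+" so the Base64 ciphertext is intact before decrypting.
    $decryptedParam = str_replace(" ", "+", $decryptedParam);
    $decryptedParam = $this->helper->encryptDecrypt(
        \Meetanshi\Deleteaccount\Helper\Helper::DECRYPT,
        $decryptedParam
    );

    return $decryptedParam;
}
```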
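The same encrypt/decrypt round trip with an authenticated cipher, as an added example in plain PHP that is not part of the original post or of Magento. It swaps AES-256-GCM in for the AES-128-ECB used above; `ecb_param` reduces the post's scheme to one call for comparison, and the function names, the `deleteacc` purpose label and the demo key are assumptions.

```php
<?php
declare(strict_types=1);

// The post's scheme in plain PHP: deterministic, unauthenticated AES-128-ECB.
function ecb_param(string $value, string $secret): string
{
    return (string) openssl_encrypt($value, 'AES-128-ECB', hash('sha256', $secret));
}

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// AES-256-GCM token: random nonce, auth tag, and a purpose label bound as AAD.
function seal_param(string $value, string $purpose, string $key): string
{
    $iv = random_bytes(12);
    $ct = openssl_encrypt($value, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $purpose, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return b64url_encode($iv . $tag . $ct);
}

// Returns the plaintext, or null when the token is malformed, altered,
// or was issued for another purpose.
function open_param(string $token, string $purpose, string $key): ?string
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag + data
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $purpose);
    return $pt === false ? null : $pt;
}

// Constructed demo values; a real store loads the key from its secret storage.
$key    = random_bytes(32);
$token  = seal_param('1', 'deleteacc', $key);
$bad    = $token;
$bad[0] = $bad[0] === 'A' ? 'B' : 'A'; // change one character of the token

var_dump(ecb_param('1', 'demo') === ecb_param('1', 'demo')); // ECB: two tokens for one id
var_dump(seal_param('1', 'deleteacc', $key) === $token);     // GCM: two tokens for one id
var_dump(open_param($token, 'deleteacc', $key));             // round trip
var_dump(open_param($token, 'other-route', $key));           // same token, other purpose
var_dump(open_param($bad, 'deleteacc', $key));               // altered token
```

`open_param` returns `null` for a token that was altered or issued for a different purpose, which unauthenticated ECB cannot reliably detect. With either scheme, the controller still has to check that the current user is allowed to perform the action.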
For example, if the owner wants to delete a particular product by product ID using a URL, he passes the URL as shown below:
We are here to rescue your store. To protect your store from unauthorized access, use the solution below.
That’s it.
Any doubts in the above solution can be mentioned in the Comments section below. I’d be glad to help.
One such way to secure your store is to encrypt and decrypt URL parameters in Magento 2. Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext) and cannot be read without the key. Decryption is the process of converting ciphertext back to plaintext.