On 8/10/06, Felix Ingram <[EMAIL PROTECTED]> wrote: > > On 8/10/06, hernan43 <[EMAIL PROTECTED]> wrote: > > > > Nowadays(is that a word?) a lot of fancy web services use API keys to > > allow an individual access to a service without requiring a username > > and password. Google, flickr(I believe), Akismet, so on and so on. > > > > If I wanted to make a Django app that utilized a custom authenticator > > and my own "API key" what would be the best way to generate unique API > > keys for my app. Would running a md5/sha sum on username + randomstring > > + email be safe? Or is that stupid thinking? > > Why not just 'randomstring'? I assume you'd be storing it anyway. > Tagging on username and email doesn't give you anything extra.
Plain random string would make it possible (though not likely) to have two accounts with same API-key. That's why some personal data should be inserted in to the API-key (like username+random through SHA) -- Jyrki // [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
