| personally I would DES encrypt their email address. that way you have a contact if something goes wrong. On 11/08/2006, at 3:01 AM, Jyrki Pulliainen wrote:
Nowadays(is that a word?) a lot of fancy web services use API keys to allow an individual access to a service without requiring a username and password. Google, flickr(I believe), Akismet, so on and so on.
If I wanted to make a Django app that utilized a custom authenticator and my own "API key" what would be the best way to generate unique API keys for my app. Would running a md5/sha sum on username + randomstring + email be safe? Or is that stupid thinking?
Why not just 'randomstring'? I assume you'd be storing it anyway. Tagging on username and email doesn't give you anything extra.
Plain random string would make it possible (though not likely) to have two accounts with same API-key. That's why some personal data should be inserted in to the API-key (like username+random through SHA)
--
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---
|
