On 8/10/06, Jyrki Pulliainen <[EMAIL PROTECTED]> wrote:
> On 8/10/06, Felix Ingram <[EMAIL PROTECTED]> wrote:
> > On 8/10/06, hernan43 <[EMAIL PROTECTED]> wrote:
> > > Nowadays (is that a word?) a lot of fancy web services use API keys to
> > > allow an individual access to a service without requiring a username
> > > and password. Google, flickr (I believe), Akismet, so on and so on.
> > >
> > > If I wanted to make a Django app that utilized a custom authenticator
> > > and my own "API key", what would be the best way to generate unique API
> > > keys for my app? Would running an md5/sha sum on username + randomstring
> > > + email be safe? Or is that stupid thinking?
> >
> > Why not just 'randomstring'? I assume you'd be storing it anyway.
> > Tagging on username and email doesn't give you anything extra.
>
> A plain random string would make it possible (though not likely) to have
> two accounts with the same API-key. That's why some personal data should
> be inserted into the API-key (like username+random through SHA).

Sorry, but that's just wrong. There's an equal chance that
sha(username+random) will generate two identical API numbers. SHA does
not 'add' randomness and adding username does not ensure you'll get
different results.

Felix
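
Added example, not part of the original thread: one way to issue keys from a plain random string and let a database UNIQUE constraint, rather than the hash input, guarantee that no two accounts share a key. The table layout, the 128-bit key size, the choice to store only a SHA-256 digest of the key, and the names `open_store`, `issue_key` and `lookup` are assumptions made for this sketch.

```python
import hashlib
import secrets
import sqlite3

KEY_BYTES = 16  # assumed size: 128 bits drawn from the OS CSPRNG


def open_store():
    """In-memory table; the UNIQUE column is what actually prevents duplicates."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE api_key (username TEXT NOT NULL, key_hash TEXT NOT NULL UNIQUE)"
    )
    return db


def _digest(key):
    # Only a digest is stored (an assumption of this sketch), so a leaked
    # table does not reveal usable keys.
    return hashlib.sha256(key.encode()).hexdigest()


def issue_key(db, username, generate=lambda: secrets.token_hex(KEY_BYTES), max_tries=5):
    """Return a fresh key for username, drawing again if the store rejects a duplicate."""
    for _ in range(max_tries):
        key = generate()
        try:
            with db:  # commits on success, rolls back on error
                db.execute("INSERT INTO api_key VALUES (?, ?)", (username, _digest(key)))
            return key
        except sqlite3.IntegrityError:
            continue  # same key already issued: generate another
    raise RuntimeError("could not generate a unique key")


def lookup(db, key):
    """Map a presented key back to its account, or None if unknown."""
    row = db.execute(
        "SELECT username FROM api_key WHERE key_hash = ?", (_digest(key),)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    store = open_store()
    k = issue_key(store, "alice")  # constructed sample account
    print(k, "->", lookup(store, k))
```

The `generate` parameter exists only so a duplicate can be forced when testing the retry path; production code would leave it at the default.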
