Sorry for not being more specific. I am talking about data in hidden fields:
<input type="hidden" name="object_id" value="1" /> I would like to encrypt the value. I could hash it using md5 or sha1 and a secret key, and then on the server, loop through the values in the DB to find the match. But that does not seem very performant. I could also store the hash in the DB, but then if for some reason my secret key changes, all of that data becomes useless. The values would not be viewable. Instead of: <input type="hidden" name="object_id" value="1" /> it would be <input type="hidden" name="object_id" value="dflif8hf534iublfjsdblfsdjhvbfdsjhl" /> And searching on google and this list, only turned up one way hashes. mike Richard Dahl wrote: > I am not sure what you mean by 'passed through the form', are you > reffering to some sort of hidden form-field? I am not sure exactly > how encryption of these two fields is going to help you. If the form > processing view is publicly available, and these two values are > availble to a user (or script) then whether they are encrypted or not > they can be captured and submitted. This would help if you encrypted > the values with something else, like some piece of information > concerning the logged-in user, but you could much easier just limit > the form processing to logged in users and if you see activity on an > account that suggests script-based submissions, disable the offending > account. > > There are python implementations of various encryption algorithms as > well as some javascript functions. I would try google-ing for these, > if you think this will help. > hth, > -richard > > > On 5/15/08, Mike Chambers <[EMAIL PROTECTED]> wrote: >> I have a commenting app that requires that the item id, and content type >> id be passed through the form. >> >> This works fine, but i would like to encrypt that data to make it a >> little more difficult for people to programatically submit the form. >> >> Does anyone have any info on how to encrypted form data? I know how to >> hash it using MD5, and SHA1, etc... but that is only a one way hash. I >> dont want to have to loop through all of the possible values to compare >> the hashes as that could get to be expensive. >> >> Any suggestions? >> >> mike >> > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
