On May 15, 2:02 pm, Mike Chambers <[EMAIL PROTECTED]> wrote:
> Sorry for not being more specific.
>
> I am talking about data in hidden fields:
>
> <input type="hidden" name="object_id" value="1" />
>
> I would like to encrypt the value.
>
> I could hash it using md5 or sha1 and a secret key, and then on the
> server, loop through the values in the DB to find the match. But that
> does not seem very performant.
>
> I could also store the hash in the DB, but then if for some reason my
> secret key changes, all of that data becomes useless.
>
> The values would not be viewable. Instead of:
>
> <input type="hidden" name="object_id" value="1" />
>
> it would be
>
> <input type="hidden" name="object_id"
> value="dflif8hf534iublfjsdblfsdjhvbfdsjhl" />
>

How would that help if the "secret" value was in the form already?
Bots and whatnot would see it all the same. If you want to stop spam
posts (which is what I'm assuming you're up to) you can limit comments
to logged-in users, run the data through something like Akismet, use a
CAPTCHA, etc. But obfuscating the ID is not going to accomplish much--
if it's available in the HTML that means a bot is going to see it too.

You're probably better off just limiting users to X comments per hour
or something.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
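
Added example, not part of the original thread or of Django's own code: a hidden field value can carry an HMAC tag so the server verifies it directly, with no loop over the DB and no stored hash. The key, function names and field layout (`value:tag`) are assumptions made for illustration; only the Python standard library is used.

```python
import hashlib
import hmac
from html import escape

# Constructed sample key (assumption); a real one lives in server-side settings.
SECRET_KEY = b"constructed-sample-key-not-for-production"


def _tag(name: str, value: str, key: bytes) -> str:
    # Bind the tag to the field name so it cannot be moved to another field.
    return hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


def sign_field(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value:tag'. The value stays readable; only tampering is detected."""
    return f"{value}:{_tag(name, value, key)}"


def verify_field(name: str, signed: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag is valid, otherwise None."""
    value, sep, tag = signed.rpartition(":")
    if not sep:
        return None  # no tag present at all
    expected = _tag(name, value, key)
    # Compare as bytes in constant time; also tolerates non-ASCII garbage input.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return value
    return None


def render_hidden(name: str, value: str) -> str:
    """Render the hidden input with the signed value, HTML-escaped."""
    signed = escape(sign_field(name, value), quote=True)
    return f'<input type="hidden" name="{escape(name, quote=True)}" value="{signed}" />'


if __name__ == "__main__":
    signed = sign_field("object_id", "1")
    print(render_hidden("object_id", "1"))
    print(verify_field("object_id", signed))    # untouched field is accepted
    forged = "2:" + signed.split(":", 1)[1]      # client edits the id, keeps the tag
    print(verify_field("object_id", forged))     # edited field is rejected
    # The same signed string verifies every time it is submitted: the tag
    # gives integrity only, so anything that reads the HTML can resubmit it.
    print(verify_field("object_id", signed))
```

Because nothing is stored, changing the key only invalidates forms that were rendered before the change. The value is still visible and resubmittable, so throttling or a CAPTCHA remains a separate control.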
