Mike Chambers <mikechambers <at> gmail.com> writes: > > > I am not concerned if they can send the hash back. I dont want them to > be able to access the underling value that the hash is based on. > > I am also not concerned about spam, but rather just dont want to expose > raw database ids to the public. >
Hi Mike I think you are right to be cautious about not exposing DB IDs publicly. My suggestion is to create another column in the table with the IDs and make it a unique ID, something like a SHA1 hash of the DB ID + Username +email for instance. Then base all requests and DB lookups on this. It won't stop users from using a hash they know about, but it will stop them from guessing others. You could even index the DB column for performance. Hope that help, if not I apologise for not reading your post more carefully! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
