Thanks for the input. I was considering doing this, but my only concern 
was if the key changed for some reason, I would have to regenerate the 
hashes. I might try it out though, and see how well it works.

Of course, I'm not sure why the key would get reset.

Thanks for all of the input and suggestions.

mike


Gabriel wrote:
> Mike Chambers <mikechambers <at> gmail.com> writes:
> 
>>
>> I am not concerned if they can send the hash back. I don't want them to 
>> be able to access the underlying value that the hash is based on.
>>
>> I am also not concerned about spam, but rather just don't want to expose 
>> raw database ids to the public.
>>
> 
> 
> Hi Mike
> 
> I think you are right to be cautious about not exposing DB IDs publicly. My
> suggestion is to create another column in the table with the IDs and make it a
> unique ID, something like a SHA1 hash of the DB ID + Username +email for
> instance. Then base all requests and DB lookups on this. It won't stop users
> from using a hash they know about, but it will stop them from guessing others.
> You could even index the DB column for performance. Hope that helps, if not I
> apologise for not reading your post more carefully!
> 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
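
The stored-column approach discussed in this thread, as an added example that is not part of the original messages: the public ID is computed once when the row is created, kept in its own unique (and therefore indexed) column, and every lookup goes through that column, so nothing has to be regenerated if one of the inputs changes later. The table layout, function names and sample rows are constructed for illustration, and the random per-row salt is an assumption added here (the thread does not mention it) so the value cannot be recomputed by someone who knows the ID, username and email.

```python
import hashlib
import secrets
import sqlite3


def make_public_id(db_id, username, email):
    """SHA1 over DB ID + username + email, plus a random salt (added here)."""
    salt = secrets.token_bytes(16)  # assumption: not in the thread
    material = f"{db_id}\x00{username}\x00{email}".encode() + salt
    return hashlib.sha1(material).hexdigest()


def build_db():
    """Constructed sample table; UNIQUE gives public_id its own index."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,"
        " email TEXT, public_id TEXT UNIQUE)"
    )
    for username, email in [("alice", "alice@example.com"),
                            ("bob", "bob@example.com")]:
        cur = conn.execute(
            "INSERT INTO users (username, email) VALUES (?, ?)",
            (username, email),
        )
        conn.execute(
            "UPDATE users SET public_id = ? WHERE id = ?",
            (make_public_id(cur.lastrowid, username, email), cur.lastrowid),
        )
    return conn


def public_id_for(conn, username):
    """Server-side helper: fetch the stored public ID to embed in a link."""
    row = conn.execute(
        "SELECT public_id FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def lookup(conn, public_id):
    """Resolve a request by the stored public ID only, never by the raw id."""
    return conn.execute(
        "SELECT username, email FROM users WHERE public_id = ?", (public_id,)
    ).fetchone()


if __name__ == "__main__":
    conn = build_db()
    token = public_id_for(conn, "alice")
    conn.execute("UPDATE users SET email = ? WHERE username = ?",
                 ("alice@new.example", "alice"))
    print(token, lookup(conn, token))  # stored value still resolves
    print(lookup(conn, "1"))           # a raw database id is not accepted
```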
