Gabriel wrote:
> Mike Chambers <mikechambers <at> gmail.com> writes:
>
>> I am not concerned if they can send the hash back. I don't want them to
>> be able to access the underlying value that the hash is based on.
>>
>> I am also not concerned about spam, but rather just don't want to expose
>> raw database ids to the public.
>
> Hi Mike
>
> I think you are right to be cautious about not exposing DB IDs publicly. My
> suggestion is to create another column in the table with the IDs and make it a
> unique ID, something like a SHA1 hash of the DB ID + Username + email for
> instance. Then base all requests and DB lookups on this. It won't stop users
> from using a hash they know about, but it will stop them from guessing others.
> You could even index the DB column for performance. Hope that helps, if not I
> apologise for not reading your post more carefully!

Creating a db column is what I did for storymash.com, for example this url
http://storymash.com/u/huskerlayd/wolewadu/

"wolewadu" is a unique string used to reference individual chapters in urls
and other places. It's not a hash. It's not related to id. Wanted less ugly
urls than either ids or hashes provide. So it's always 8 alternating
consonants/vowels with a bunch of undesirable words/substrings disallowed.

We create this once in the save method of Chapter model

    if self.hash is None:
        self.hash = self._generate_hash()

And queries are:

    chapter = Chapter.objects.get(hash="wolewadu")

Definitely make it an indexed column though.

The business case is different from what I think Mike wants but similar
methods can apply.

-- 
Norman J. Harman Jr. 512 912-5939
Technology Solutions Group, Austin American-Statesman
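
An added example, not part of the original message and not storymash.com's code: one way to produce the 8-letter alternating consonant/vowel identifier described above, drawn from the OS CSPRNG so it cannot be derived from the row id, with a blocklist and a uniqueness retry. The names `candidate`, `generate_public_id`, `entropy_bits` and `BLOCKED`, and the set standing in for the unique indexed column, are assumptions made for illustration.

```python
import math
import secrets

CONSONANTS = "bcdfghjklmnpqrstvwxyz"  # 21 letters
VOWELS = "aeiou"                      # 5 letters
# Constructed placeholder blocklist; a real list of undesirable substrings goes here.
BLOCKED = ("bad", "dum")


def candidate(length=8):
    """Alternate consonant/vowel, picking each letter with the CSPRNG."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def entropy_bits(length=8):
    """Bits of randomness in one identifier, ignoring the blocklist."""
    pairs, odd = divmod(length, 2)
    per_pair = math.log2(len(CONSONANTS) * len(VOWELS))
    return pairs * per_pair + odd * math.log2(len(CONSONANTS))


def generate_public_id(existing, length=8, max_tries=100):
    """Return a new identifier not in `existing` and record it there.

    `existing` is a set standing in for the unique, indexed DB column
    (assumption); with a real database, rely on the UNIQUE constraint
    and retry on an integrity error instead of a prior lookup.
    """
    for _ in range(max_tries):
        value = candidate(length)
        if any(bad in value for bad in BLOCKED):
            continue  # contains a disallowed substring
        if value in existing:
            continue  # collision with an identifier already issued
        existing.add(value)
        return value
    raise RuntimeError("could not allocate a unique public id")


if __name__ == "__main__":
    issued = set()
    print(generate_public_id(issued), round(entropy_bits(), 1), "bits")
```

At roughly 26.9 bits per identifier, this hides row ids and their ordering but is not a secret strong enough to replace an authorization check on the record itself.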