Forgive my feeble mind, but I am trying to understand, what is the point of
substituting 'walewadu' for 1 or 2 or 3855?  What security does this
provide?
-richard



On 5/15/08, Norman Harman <[EMAIL PROTECTED]> wrote:
>
>
> Gabriel wrote:
> > Mike Chambers <mikechambers <at> gmail.com> writes:
> >
> >>
> >> I am not concerned if they can send the hash back. I don't want them to
> >> be able to access the underlying value that the hash is based on.
> >>
> >> I am also not concerned about spam, but rather just don't want to expose
> >> raw database ids to the public.
> >>
> >
> >
> > Hi Mike
> >
> > I think you are right to be cautious about not exposing DB IDs publicly. My
> > suggestion is to create another column in the table with the IDs and make it a
> > unique ID, something like a SHA1 hash of the DB ID + Username + email for
> > instance. Then base all requests and DB lookups on this. It won't stop users
> > from using a hash they know about, but it will stop them from guessing others.
> > You could even index the DB column for performance. Hope that helps, if not I
> > apologise for not reading your post more carefully!
>
> Creating a db column is what I did for storymash.com, for example this url
>
>     http://storymash.com/u/huskerlayd/wolewadu/
>
> "wolewadu" is a unique string used to reference individual chapters in
> urls and other places.  It's not a hash.  It's not related to id.
> Wanted less ugly urls than either ids or hashes provide.  So it's always
> 8 alternating consonants/vowels with a bunch of undesirable
> words/substrings disallowed.
>
> We create this once in the save method of Chapter model
>
>    if self.hash is None:
>        self.hash = self._generate_hash()
>
> And queries are:
>
>    chapter = Chapter.objects.get(hash="wolewadu")
>
>
> Definitely make it an indexed column though.
>
>
> The business case is different from what I think Mike wants but similar
> methods can apply.
>
> --
> Norman J. Harman Jr.  512 912-5939
> Technology Solutions Group, Austin American-Statesman

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
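
An added example, not code from any poster in this thread (the body of `_generate_hash` is not shown above): one way to produce the 8-letter alternating consonant/vowel identifier described in Norman's message, drawn from a CSPRNG, with a blocklist and a collision retry. The letter sets, the blocklist entries and the `exists` callable are assumptions; in Django `exists` would be a lookup on the indexed `hash` column.

```python
import math
import re
import secrets

# Assumed alphabet: 21 consonants ("y" counted as one) and 5 vowels.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"
VOWELS = "aeiou"
LENGTH = 8
# Constructed stand-ins for the "undesirable words/substrings" list.
BLOCKED = ("dud", "pupu")
FORMAT = re.compile(r"(?:[%s][%s]){%d}" % (CONSONANTS, VOWELS, LENGTH // 2))


def keyspace_size():
    """Number of distinct slugs before the blocklist removes any."""
    half = LENGTH // 2
    return len(CONSONANTS) ** half * len(VOWELS) ** half


def matches_format(slug):
    """True if slug is exactly LENGTH letters, consonant first, alternating."""
    return FORMAT.fullmatch(slug) is not None


def generate_slug():
    """Pick each letter with the OS CSPRNG, not the `random` module."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(LENGTH)
    )


def new_public_id(exists, max_tries=20):
    """Return a slug that passes the blocklist and is not already in use.

    `exists` is a hypothetical callable, e.g.
    lambda s: Chapter.objects.filter(hash=s).exists()
    A unique constraint on the column must still back this up, because two
    concurrent saves can both pass the check.
    """
    for _ in range(max_tries):
        slug = generate_slug()
        if any(bad in slug for bad in BLOCKED) or exists(slug):
            continue
        return slug
    raise RuntimeError("could not allocate a free public id")


if __name__ == "__main__":
    print(new_public_id(lambda s: False), round(math.log2(keyspace_size()), 1))
```

Under these assumptions the space holds 121,550,625 slugs (about 27 bits), far fewer than a SHA-1 digest, so the slug works as a non-sequential public name rather than a secret, and the view still needs its own permission check.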
