Forgive my feeble mind, but I am trying to understand, what is the point of substituting 'walewadu' for 1 or 2 or 3855? What security does this provide? -richard

On 5/15/08, Norman Harman <[EMAIL PROTECTED]> wrote:
>
> Gabriel wrote:
> > Mike Chambers <mikechambers <at> gmail.com> writes:
> >
> >> I am not concerned if they can send the hash back. I don't want them to
> >> be able to access the underlying value that the hash is based on.
> >>
> >> I am also not concerned about spam, but rather just don't want to expose
> >> raw database ids to the public.
> >
> > Hi Mike
> >
> > I think you are right to be cautious about not exposing DB IDs publicly.
> > My suggestion is to create another column in the table with the IDs and
> > make it a unique ID, something like a SHA1 hash of the DB ID + Username +
> > email for instance. Then base all requests and DB lookups on this. It
> > won't stop users from using a hash they know about, but it will stop them
> > from guessing others. You could even index the DB column for performance.
> > Hope that helps, if not I apologise for not reading your post more
> > carefully!
>
> Creating a db column is what I did for storymash.com, for example this url
>
> http://storymash.com/u/huskerlayd/wolewadu/
>
> "wolewadu" is a unique string used to reference individual chapters in
> urls and other places. It's not a hash. It's not related to id.
> Wanted less ugly urls than either ids or hashes provide. So it's always
> 8 alternating consonants/vowels with a bunch of undesirable
> words/substrings disallowed.
>
> We create this once in the save method of Chapter model
>
>     if self.hash is None:
>         self.hash = self._generate_hash()
>
> And queries are:
>
>     chapter = Chapter.objects.get(hash="wolewadu")
>
> Definitely make it an indexed column though.
>
> The business case is different from what I think Mike wants but similar
> methods can apply.
>
> --
> Norman J. Harman Jr. 512 912-5939
> Technology Solutions Group, Austin American-Statesman
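
The scheme described in the quoted message (a random 8-letter consonant/vowel string, generated once and stored in a unique, indexed column) can be sketched as follows. This is an added example, not code from the thread or from storymash.com; the alphabet, the block list and the `exists` callback standing in for the database lookup are assumptions.

```python
import math
import secrets

CONSONANTS = "bcdfghjklmnpqrstvwxyz"  # assumed alphabet (21 letters)
VOWELS = "aeiou"
BLOCKED = ("bad", "dum")              # constructed sample block list


def candidate(length=8):
    """One consonant/vowel alternating string drawn from the OS CSPRNG."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def generate_slug(exists, blocked=BLOCKED, length=8, max_tries=100):
    """Return a slug that is neither blocked nor already stored.

    `exists` is a hypothetical callable standing in for a lookup on the
    unique column. The UNIQUE constraint remains the final arbiter, since
    two concurrent saves can both pass this check.
    """
    for _ in range(max_tries):
        slug = candidate(length)
        if any(word in slug for word in blocked):
            continue  # undesirable substring, draw again
        if exists(slug):
            continue  # collision with a stored row, draw again
        return slug
    raise RuntimeError("no free slug found")


def keyspace_bits(length=8):
    """log2 of the number of possible slugs, before the block list."""
    pairs, odd = divmod(length, 2)
    total = (len(CONSONANTS) * len(VOWELS)) ** pairs * len(CONSONANTS) ** odd
    return math.log2(total)


if __name__ == "__main__":
    taken = set()
    for _ in range(3):
        taken.add(generate_slug(taken.__contains__))
    print(sorted(taken), round(keyspace_bits(), 1))
```

With this alphabet an 8-letter slug has about 27 bits of keyspace, which removes the sequential structure of raw ids but is far smaller than a SHA1 digest. The view serving the object still needs its own authorization check.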