On Mon, 27 Oct 2003 13:29:47 +1100, you wrote:

>> What is the best approach to the unique page ID? I thought I would store the
>> dept. mgrs. email address and the session ID in a db, and use the session ID in
>> the URL. Do I even need the mgr's email address? Is another approach better?
>> What have you used?
>
>I'd concatenate the employee's email and manager's email, and then use an
>MD5 hash of it as the unique string. i.e:
>
>$unique_id = md5 ( $employee_email . $manager_email );
>
>For more info on what MD5 is, see
>http://us2.php.net/manual/en/function.md5.php

Remember that there's no guarantee that any two strings won't map to the
same md5 hash, and so they are bad candidates for unique ids.

Even allowing for that, concatenating only the email addresses makes the
hash extremely vulnerable.

Better to add a salt and a timestamp, so your unique string becomes
something like:

unique_id = unix_timestamp + md5 (employee_unique_token +
manager_unique_token + random_string)

(All this assumes that you want the unique id to be unguessable for some
reason. Personally, I'd just put the primary key associated with the job in
the URL, and password-protect the site. Much simpler.)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
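
An added example, not part of the original thread, contrasting the two ID schemes discussed above in PHP. The addresses, the function names and the in-memory `$pages` table are constructed for illustration, and `random_bytes()` (PHP 7+) is an assumed stand-in for the reply's random_string.

```php
<?php
declare(strict_types=1);

// Scheme from the quoted suggestion: a pure function of the two addresses.
function predictable_id(string $employeeEmail, string $managerEmail): string
{
    return md5($employeeEmail . $managerEmail);
}

// Scheme sketched in the reply: timestamp + md5(tokens + random string).
// random_bytes() (a CSPRNG, PHP 7+) is an assumed stand-in for random_string.
function salted_id(string $employeeToken, string $managerToken): string
{
    $random = bin2hex(random_bytes(16));
    return time() . '-' . md5($employeeToken . '|' . $managerToken . '|' . $random);
}

// Constructed sample values.
$employee = 'alice@example.com';
$manager  = 'bob@example.com';

// 1. Anyone who knows both addresses can rebuild the first ID without the server.
$issued     = predictable_id($employee, $manager);
$recomputed = md5('alice@example.com' . 'bob@example.com');
echo 'recomputed from public data: ', var_export(hash_equals($issued, $recomputed), true), "\n";

// 2. Concatenation has no field boundary, so distinct pairs can hash the same input.
$collides = predictable_id('ab', 'c@example.com') === predictable_id('a', 'bc@example.com');
echo 'different pairs, same id: ', var_export($collides, true), "\n";

// 3. The salted form changes on every call, so it has to be stored when issued
//    (hypothetical in-memory table standing in for the database).
$pages = [];
$id = salted_id($employee, $manager);
$pages[$id] = ['employee' => $employee, 'manager' => $manager];

// Lookup is by stored value; a freshly computed ID for the same pair does not match.
$other = salted_id($employee, $manager);
echo 'issued id found: ', var_export(isset($pages[$id]), true), "\n";
echo 'regenerated id found: ', var_export(isset($pages[$other]), true), "\n";
```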
