On Fri, 05 Jan 2007 09:39:17 -0800, [EMAIL PROTECTED] wrote: > Basically, what I am trying to do is display all comments by a > specified user on the website. As the only thing which has =always= > been used to identify users which never changes is their e-mail > addresses,
What are you talking about? I've changed my email address a dozen times on many mailing lists and websites. I'm still me. > this is the only thing which I can use. Obviously, I can't > display this e-mail address though. There is nothing obvious about that all all. Email addresses are usually public. But okay, your users aren't expecting their email address to be public. Why not do what many jails do with prisoners? Everybody gets a unique number. In your case, just walk through the database of users, giving each one a number. You can't reverse engineer the email address from the number without breaking into the database. Then your website can refer to them as "Prisoner 123456789" which should be good for a few laughs. Or simply take the username part of the address. So "[EMAIL PROTECTED]" would become "fred". Then "[EMAIL PROTECTED]" would become "fred1", and so forth. Obviously you don't try to generate the username from the email address every single time, you do it once, and keep a list of used usernames so that when "[EMAIL PROTECTED]" joins you know "fred" and "fred1" are both used and he has to be "fred2". md5 checksums can now be broken, in both directions: it is relatively easy to generate collisions, and there are reverse md5 lookup tables. I imagine your use of md5 would be especially easy to attack, since the attacker knows that the string is an email address. -- Steven. -- http://mail.python.org/mailman/listinfo/python-list
