ansaurus

Question

How to get unique short strings from integers?

Answer 1

A:

You could always base64 then url encode the id's.

in php:

urlencode (base64_encode("1234"))
> MTIzNA%3D%3D

base64_decode(urldecode("MTIzNA%3D%3D"))
> 1234

Byron Whitlock 2009-07-02 18:38:52

Answer 2

+6 A:

If the primary concern is that one customer can look at another customer's page I wouldn't depend on the method you are proposing. Ultimately it is "Security Through Obscurity". I would, instead, tie the display of the page to the customer's authentication credentials (providing you require your users to log in). If the customer tries to access a profile page other than their own they redirected to the login page or given an access authorization error message.

In fact you don't even need to have the customerID in the URL. Just use /profile/

William Edmondson 2009-07-02 18:39:11

+1 You are right. that's the correct way to do this, just /profile/

Byron Whitlock 2009-07-02 18:42:07

Yep, this is the answer. Maybe it's just me, but this seems so obvious!

Josh Stodola 2009-07-02 19:09:01

The OP doesn't actually state that the issue is whether someone can view someone else's profile. The only issue cited is not wanting people to know how many users there are. If others profiles can't be viewed, this is a great solution; if not...

bdukes 2009-07-02 19:13:11

Yes, one person can view other's profiles(for example by browsing through the site). They are public. My primary consideration is that I d not want to give away the pk used in url, essentially for two main reasons. 1. So someone cant do a next-next to see all profile, or make it too easy for bots to guess all urls etc.2. To keep the number of Customers from becoming public information.

uswaretech 2009-07-03 03:38:55

Answer 3

A:

maybe you could asociate a random pair of letters of the alphabet to each digit...

Jonathan 2009-07-02 18:42:31

Answer 4

+1 A:

The easiest and safest way to do this would be to create lookup table with a mapping from the customer id to a unique random string.

Otto Allmendinger 2009-07-02 18:53:19

Answer 5

+2 A:

There are some hash algorithms which produce short (8 characters, 0-9a-f) output strings, for example adler32 or crc32. You can generate them using PHP function hash() (see hash_algos() for a list of available algorithms), but I’m not sure your DB engine itself can handle it. If that’s the case, generating random slugs would be a better solution.

And add salt when hashing, so it’s more secure.

Maciej Łebkowski 2009-07-02 19:04:10

He can also use a hash function with a much longer output and only take the first N bytes.

Otto Allmendinger 2009-07-03 06:54:21

the first N bytes doesn’t have to be unique

Maciej Łebkowski 2009-07-03 08:07:26

ansaurus

tags:

views:

answers:

How to get unique short strings from integers?

related questions