Thursday, 15 April 2010

Hash id in url php -




A logged-in user on the site can create documents, pretty much like on Google Docs. A document can be made public by the user, or private (default). The documents are stored in a database table like this:

| id | title | content | public | owner |
|----|-------|---------|--------|-------|
| 1  | asd   | asd     | 1      | 1     |
| 2  | asd   | asd     | 0      | 1     |
| 3  | asd   | asd     | 0      | 2     |

If public equals 1, it is a public document that can be viewed from a link by a user: site.com/documents/id

The thing is, even though documents can be public, I don't want users to be able to increment the URL id by 1 each time to access public documents:

site.com/documents/1
site.com/documents/2
site.com/documents/3

and so on...

So maybe I should hash the id or something like that? Like so:

<?php echo 'site.com/documents/'.md5($id); ?>

The problem is, I can't figure out which id it is on the server side since it is hashed...

What can I do about this problem?

Depending on your security requirements, you should ensure that your document ids are random, and not guessable. If you hash the auto-incrementing id, the resulting hash may seem random, but once someone notices that you are hashing increasing numeric values (and correctly guesses your hashing algorithm), it is easy to guess possible document ids.

To accomplish this, you could hash random numbers (make sure that there are no hash collisions in your database), or work with UUIDs (see this question for an illustration on how to generate them).

In order to map your hashed identifiers to existing documents, store the hash alongside the document in the database (best to utilize the hash as the primary key).
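
The approach described in the answer, as an added example that is not part of the original post: each document gets a random token stored in a unique column, and the lookup resolves the token and then still enforces the `public`/`owner` columns. The `token` column, the function names and the in-memory SQLite database are assumptions for illustration; `random_bytes()` requires PHP 7 or later.

```php
<?php
// Added example. Table layout follows the question; the `token` column and
// the function names are assumptions. Needs PHP 7+ with pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    token TEXT NOT NULL UNIQUE,
    title TEXT, content TEXT,
    public INTEGER NOT NULL DEFAULT 0,
    owner INTEGER NOT NULL)');

function createDocument(PDO $db, string $title, string $content, int $owner, bool $public = false): string
{
    $stmt = $db->prepare('INSERT INTO documents (token, title, content, public, owner)
                          VALUES (?, ?, ?, ?, ?)');
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
        try {
            $stmt->execute([$token, $title, $content, (int) $public, $owner]);
            return $token;
        } catch (PDOException $e) {
            // SQLSTATE 23000: UNIQUE constraint hit, i.e. a token collision. Retry.
            if ((string) $e->getCode() !== '23000') { throw $e; }
        }
    }
    throw new RuntimeException('could not allocate a unique token');
}

function findViewableDocument(PDO $db, string $token, ?int $viewerId): ?array
{
    // Only well-formed tokens reach the database.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) { return null; }
    $stmt = $db->prepare('SELECT title, content, public, owner FROM documents WHERE token = ?');
    $stmt->execute([$token]);
    $doc = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($doc === false) { return null; }
    // The token hides the row ID; the public/owner check still decides access.
    $allowed = (int) $doc['public'] === 1 || (int) $doc['owner'] === $viewerId;
    return $allowed ? $doc : null;
}

// Constructed sample data mirroring the table in the question.
$pub  = createDocument($db, 'asd', 'asd', 1, true);
$priv = createDocument($db, 'asd', 'asd', 1);
echo "site.com/documents/$pub\n";
var_dump(findViewableDocument($db, $pub, null) !== null);  // anonymous, public doc
var_dump(findViewableDocument($db, $priv, null) !== null); // anonymous, private doc
var_dump(findViewableDocument($db, $priv, 1) !== null);    // owner, private doc
var_dump(findViewableDocument($db, '2', null) !== null);   // guessed numeric ID
```

Keeping the auto-increment `id` as an internal key and exposing only `token` in URLs is one layout; the answer's suggestion of using the random value as the primary key works the same way for the lookup.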
