
I am currently working on a text sharing website and I came across the following problem. Each post gets an ID, and I would like to be able to easily access the post by giving the ID in the link as a parameter. But since you can simply enter the numbers manually, it is very insecure. My idea is to calculate a longer unique number from the ID. Of course, the number needs to be brought back into its original state. The ideal would be a solution in Python. Thanks in advance!

Edit: Correct me if I am wrong but there is no way to reverse the uuid back to the original number?

Kaesekante
  • Possible duplicate of [How to create a GUID in Python](http://stackoverflow.com/questions/534839/how-to-create-a-guid-in-python) – idjaw Feb 24 '16 at 13:55
  • The question: why is it insecure? Are you afraid that someone who should not see the post will be able to see it? Then solve this problem properly by using privileges. – freakish Feb 24 '16 at 13:56
  • Why not create some 10-digit or longer random number and assign it as an id? – Pratik Gujarathi Feb 24 '16 at 14:03
  • @freakish everyone with the link should be able to see the content not just the creator – Kaesekante Feb 24 '16 at 14:11
  • @Pratik Gujarathi I have the id already in my database and I wanted to use the id as base for the rnd number – Kaesekante Feb 24 '16 at 14:15
  • @Kaesekante Then I don't understand what your issue is. Under this assumption there is nothing insecure in using ids. You do realize that people can share links between each other? – freakish Feb 24 '16 at 14:16

1 Answer

The first thing that needs to be said is that it's not insecure. Even if you calculate some longer number, there is still a chance to access it anyway. Imagine someone creating a generator script trying such numbers. Giving a post an ID and security shouldn't be mixed up together.

The best solution would be to add some kind of privileges system or password protection. You can of course use some hash functions for making the id longer if you insist. Not sure what exactly is the idea behind the website, you mean something like Pastebin? Simply add an option for the password protection as I suggested before. Some might use it, some don't.

Hitokage