Auth-code with A-Za-z0-9 to use in an URL parameter

As part of a web application I need an auth-code to pass as a URL parameter. I am currently using (in Rails) : Digest::SHA1.hexdigest((object_id + rand(255)).to_s)

Which provides long strings like : http://myapp.com/objects/1?auth_code=833fe7bdc789dff996f5de46075dcb409b4bb4f0

However, it is too long, and I think I might be able to "compress" this chain using more legal characters in a URL, like the whole uppercase and lowercase alphabet in addition to numbers.

Do you have a code snippet which does just that?

Best answer
your_auth_code = Digest::SHA1.hexdigest((object_id + rand(255)).to_s)

your_shortened_code = your_auth_code.to_i(16).to_s(36)

Converts your auth_code from base 16 (hexadecimal) to base 36, which uses [0-9a-z]. Personally I'd just cut the code in two if you feel it's too long.

Answers

Courtesy of a coworker of mine:

  # Candidate characters: a-z, A-Z and the digits 0-9
  CHARS = [*'a'..'z'] + [*'A'..'Z'] + [*0..9]
  def create_token
    # Pick 10 characters at random; Array#* with a string joins them
    self.token = (0..9).map { CHARS[rand(CHARS.size)] } * ''
  end

There's also one that uses a bunch of ASCII characters from range 32+, but it isn't suitable for your use case (URLs) due to illegal characters, but you might want to use it for password salts, etc. This one is courtesy of James Buck:

Array.new(32) { 32 + rand(95) }.pack("C*")

With those two snippets you can probably customize it for your needs.

What gpaul is getting at is that hash functions are still hash functions even if they're truncated; there's just a higher chance of collision, though with only 10 bits it's still quite a low rate of collision. If you look at bit.ly, for instance, their hashes are completely minuscule, but as you noted they're using base-32 instead of base-16; it doesn't really matter that much.

What's important is for you to ask what's at risk if people collide, because even with full SHA1 there's still the chance (cryptographically impossible). If there's really not a huge danger, I think you could go down to 5-10 characters.

But the question still remains of why it matters. In your emails, presumably you're sending a link which people just click on, correct? There may be a better option entirely if you can tell us why the URL is too long.

That is correct: my app has Users who click a link in an email containing an auth code. When the user clicks the link, he ends up on the webapp but he is not redirected. The auth code will stay in the URL bar. Each one of my users has an auth code. What's at stake if a collision occurs is that two users cannot be distinguished from each other.

Thanks to your very valuable input I was able to figure out what to type in Google to get info on that topic: "base 62".

So I found the base62 gem : http://github.com/jtzemp/base62

And now, my formula is :

Digest::SHA1.hexdigest((object_id + rand(255)).to_s).to_i(16).base62_encode.slice(0..10)

which gives me an auth_code like : Fw1eDr701PY

It's a good compromise. If my app conquers the world, I can still add a DB lookup to avoid duplicates, but for now I will stick to it.
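
An alternative sketch, added here as an example and not code from any of the posts above: it draws the A-Za-z0-9 code from Ruby's SecureRandom instead of hashing `object_id + rand(255)` (which has only 255 possible inputs per object, whatever the digest length), and retries on a duplicate as the last post suggests. The helper names, the default length of 22 and the in-memory Set standing in for the DB lookup are assumptions.

```ruby
require 'securerandom'
require 'set'

# A-Za-z0-9 alphabet; every character is legal in a URL query value unescaped.
# The ordering (digits, upper, lower) is an assumption of this example.
BASE62 = [*'0'..'9', *'A'..'Z', *'a'..'z'].freeze

# Integer -> base 62 string, e.g. to shorten a hex digest via hex.to_i(16).
def base62_encode(n)
  raise ArgumentError, 'negative input' if n.negative?
  return BASE62[0] if n.zero?
  out = +''
  while n.positive?
    n, r = n.divmod(62)
    out << BASE62[r]
  end
  out.reverse
end

# Draw each character from the OS CSPRNG. random_number(62) is uniform,
# so there is no modulo bias and no dependence on object_id.
def auth_code(length = 22)
  Array.new(length) { BASE62[SecureRandom.random_number(62)] }.join
end

# Whole bits of entropy in a uniformly random code of this length.
def entropy_bits(length)
  (length * Math.log2(BASE62.size)).floor
end

# Reserve a code not yet in `taken` (hypothetical stand-in for a unique
# DB column); Set#add? returns nil when the code already exists.
def unique_auth_code(taken, length = 22, max_tries = 5)
  max_tries.times do
    code = auth_code(length)
    return code if taken.add?(code)
  end
  raise 'could not allocate a unique auth code'
end

if __FILE__ == $PROGRAM_NAME
  issued = Set.new
  puts unique_auth_code(issued)                       # 22 random characters
  puts "#{entropy_bits(22)} bits at 22 chars, #{entropy_bits(11)} at 11"
end
```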




