Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Secure URL
Secure URL
  • El Forum
    Guest
  •  
#1
03-25-2010, 07:21 PM

[eluser]frist44[/eluser]
I'm doing something similar to craigslist where people will submit posts without using a username/password. When looking back on a past craigslist ad I posted, they used the following URL:

https://post.craigslist.org/manage/1379115881/jdcc5

Presumably, the last two segments was just for me with the idea that someone couldn't have easily made that up. I would like a URL to go to a page where the user has to confirm the post, so I can make correspondence with their email to ensure the post was valid.

What do you think is good to attach to the URL check?

I think about doing some md5 on an ID and put that in the database to confirm, but the URL gets so ugly. The craigslist string is relatively short, so I'm trying to figure out the right balance between complexity and security.

Thoughts?
  • El Forum
    Guest
  •  
#2
03-25-2010, 10:46 PM

[eluser]Aken[/eluser]
You shouldn't need to MD5 anything, especially since they can be brute force guessed pretty easily.

I'd just generate a unique random string out of letters and numbers. Or if you want to get even fancier, generate a random string, and then encrypt it using a salt.




Theme © iAndrew 2016 - Forum software by © MyBB