sufficient obfuscation
0 views
Skip to first unread message
Chase Southard
May 7, 2008, 5:32:39 PM5/7/08
to ky...@googlegroups.com
Thinking about an event registration rails app 'cause what I have now is no good... Instead of exposing /registrants/1 to the user after they fill out their information, I thought it would be better to obfuscate things a bit and give the person registering a URL they can hold on to.
Does the method below provide sufficiently randomization and robust obfuscation? Or is there something about the String.crypt() and Salt that which makes this a bad idea.
class Registrant < ActiveRecord::Base
before_save :gen_confnumber
private
def gen_confnumber
#really a string not a number. confusing.
self.confnumber = "#{self.firstname}#{self.lastname}".crypt(Time.now.strftime("%W%Y%H%M%S"))
#where %W = week of the year; %Y = year (2008); %H = hour, 24-hour clock; %M = minute; %S = second
end
end
Later,
Chase
Does the method below provide sufficiently randomization and robust obfuscation? Or is there something about the String.crypt() and Salt that which makes this a bad idea.
class Registrant < ActiveRecord::Base
before_save :gen_confnumber
private
def gen_confnumber
#really a string not a number. confusing.
self.confnumber = "#{self.firstname}#{self.lastname}".crypt(Time.now.strftime("%W%Y%H%M%S"))
#where %W = week of the year; %Y = year (2008); %H = hour, 24-hour clock; %M = minute; %S = second
end
end
Later,
Chase
Leslie Hensley
May 7, 2008, 7:22:46 PM5/7/08
to ky...@googlegroups.com
Chase,
I'm using http://wiki.rubyonrails.org/rails/pages/Uses+Guid+Plugin on
http://www.showerinabox.com and it works like a charm. I don't create
accounts for customers I just email them the URL with a guid in it.
Leslie
Reply all
Reply to author
Forward
0 new messages