Is there are some id obfuscate libs in django?
325 views
Skip to first unread message
forrest yang
May 27, 2012, 11:12:48 AM5/27/12
to django...@googlegroups.com
Just try to convert the increasing numeric id in the database to some other obfuscated id.
The lib need to support long type integer range conversion and convert in two directions.
Is there are some id obfuscate libs in django or widely used in django community?
Any one knows that?
Thanks
The lib need to support long type integer range conversion and convert in two directions.
Is there are some id obfuscate libs in django or widely used in django community?
Any one knows that?
Thanks
Marcin Tustin
May 27, 2012, 11:14:00 AM5/27/12
to django...@googlegroups.com
Why would you want this? Arbitrary integers are already completely opaque.
--
Marcin Tustin
Tel: 07773 787 105
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/0lkBciSL24MJ.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Marcin Tustin
Tel: 07773 787 105
Brian Schott
May 27, 2012, 11:56:41 AM5/27/12
to django...@googlegroups.com
Keep in mind that obfuscation isn't security, so the answer really depend on your goal. Â Are you concerned about auto-incrementing integer IDs being sequential in REST urls? Â If so, use named slugs or UUIDs from django-extensions. Â UUIDs aren't obfuscated from a security perspective (they can be deduced), but sufficient for most purposes to make sequencing not obvious. Â You can also use the M2Crypto library to generate a random token and use that to add a home-grown access key. Â The snippet below isn't complete, but hopefully gives you an idea.
.... models.py --
import M2Crypto
from django_extensions.db import fields as extensions
class Foo(models.Model):
  uuid = extensions.UUIDField(
    editable=False,
    help_text="Automatically generated globally unique ID.")
  token = models.CharField(
    help_text="Automatically generated authorization token",
    max_length=255,
    editable=False, default=None, blank=True, null=True)
  def save(self, *args, **kwargs):
    """ set the authorization token on first save """
    if not self.id:
      self.token = base64.urlsafe_b64encode(
        M2Crypto.m2.rand_bytes(16))
    super(Foo, self).save(*args, **kwargs)
-- views.py --
from django.views.generic import DetailView
class FooTokenView(DetailView):
  def get_object(self):
    object = get_object_or_404(Foo,
                  uuid=self.kwargs['uuid'],
                  token=self.kwargs['token'])
    return object
---
forrest yang
May 29, 2012, 4:07:40 AM5/29/12
to django...@googlegroups.com
Thanks, BFSchott
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
--
Marcin Tustin
Tel: 07773 787 105--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages