hash(id:secret) should not be reversible, if you use a cryptographic hash. hash(id) can be brute-forced, on something with so small a range.
On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont <corentin.dup...@gmail.com> wrote:
> hash is reversible or not?
>
> On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <cgae...@uwaterloo.ca> wrote:
>
>> You could just hash it.
>>
>> - Clark
>>
>> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dup...@gmail.com> wrote:
>>
>>> So I need to "encrypt" the user ID in some way? What I need is to
>>> associate the user ID to a random number and store the association in a
>>> table?
>>>
>>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hessel...@gmail.com> wrote:
>>>
>>>> Note that cookies are not the solution here. Cookies are just as user
>>>> controlled as the url, just less visible. What you need is a session
>>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>>> the user id (which is sequential and thus guessable, and often exposed
>>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>>> cookie. Cookies are just more convenient.
>>>>
>>>> Erik
>>>>
>>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>>> <corentin.dup...@gmail.com> wrote:
>>>> > Yes, having a cookie to keep track of the session is something I plan
>>>> > to do.
>>>> >
>>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauh...@gmail.com>
>>>> > wrote:
>>>> >>
>>>> >> The user id is not necessarily the problem, but rather that you can
>>>> >> impose as another user. For this, one solution is to keep track of a
>>>> >> unique (changing) user token in the cookies and use that for verifying
>>>> >> the user.
>>>> >>
>>>> >> --
>>>> >> Mats Rauhala
>>>> >> MasseR
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
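
The three options discussed in this thread, side by side, as an added example that is not part of the original messages or any poster's code: a bare hash of the id, a keyed hash of the id, and the random-token-to-user-id table Erik describes. It is written in Python so it runs as-is; HMAC-SHA256 stands in for "hash(id:secret)", and `ID_RANGE`, `plain_token`, `keyed_token`, `recover_id` and `SessionStore` are hypothetical names.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

ID_RANGE = range(1, 10_000)  # assumed: small, sequential user ids


def plain_token(uid: int) -> str:
    # hash(id): anyone can recompute this for every id in the range.
    return hashlib.sha256(str(uid).encode()).hexdigest()


def keyed_token(uid: int, key: bytes) -> str:
    # hash(id:secret), done as HMAC, the standard keyed-hash construction.
    return hmac.new(key, str(uid).encode(), hashlib.sha256).hexdigest()


def recover_id(token: str, make_token: Callable[[int], str]) -> Optional[int]:
    """Enumerate the id range; return the id whose token matches, if any."""
    for uid in ID_RANGE:
        if hmac.compare_digest(make_token(uid), token):
            return uid
    return None


class SessionStore:
    """Server-side table: random, unguessable token -> user id."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    def login(self, uid: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = uid
        return token

    def user_for(self, token: str) -> Optional[int]:
        return self._sessions.get(token)

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)  # token is dead from here on
```

Only the table gives per-login tokens that can be revoked: the keyed hash yields the same value for a user on every login, so a leaked token stays valid until the server key changes.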