Re: Account Activation Email generation and response processing: any design example?

Fri, 16 May 2008 11:16:08 -0700 

The benefit in digest is that the user (or another user) cannot
fabricate it... so easily.

**
Martin

2008/5/16 Matthew Young <[EMAIL PROTECTED]>:
> What is the advantage of using message digest over uuid?  Isn't message
> digest not guaranteed to be unique where as UUID is always unique?
>
> On Thu, May 15, 2008 at 7:39 PM, Martin Makundi <
> [EMAIL PROTECTED]> wrote:
>
>> You could also just use a md5 hashkey with content specific to the account:
>>
>>        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
>>        return new String(messageDigest.digest((encryptionKey +
>> value).getBytes()));
>>
>> **
>> Martin
>>
>> 2008/5/16 Ryan Gravener <[EMAIL PROTECTED]>:
>> > You may also want to have a enum/int to represent what kind of token it
>> is.
>> > New user, new email, forgot password, etc..
>> >
>> > On Thu, May 15, 2008 at 7:01 PM, James Carman <
>> [EMAIL PROTECTED]>
>> > wrote:
>> >
>> >> java.util.UUID.randomUUID().toString()
>> >>
>> >> On Thu, May 15, 2008 at 6:57 PM, Matthew Young <[EMAIL PROTECTED]>
>> wrote:
>> >> > I need to implement the usual account activation via email function.
>>  Can
>> >> > anyone point me to some example of how this is implemented? If in
>> Wicket
>> >> > even better but anything would help me a lot.
>> >> >
>> >> > One question I have is how to generate hard to guess unique keys in
>> the
>> >> > email link? I use Hibernate & MySql, does this give me some easy way
>> to
>> >> > generate these keys? Use Jakarta common-id to generate uuid?
>> >> >
>> >> > I plan to have an activation field in the user table to store the
>> >> activation
>> >> > key, once the user respond to the activation email link, clear the
>> field
>> >> to
>> >> > indicate the account is activated. Is this how it's done?
>> >> >
>> >> > Thanks for any help!
>> >> >
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>> > --
>> > Ryan Gravener
>> > http://twitter.com/ryangravener
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to