Re: Is there are some id obfuscate libs in django?

Thanks, BFSchott

I found a lib at last.

https://github.com/JordanReiter/django-id-obfuscator

Thanks

On Sunday, May 27, 2012 11:56:41 PM UTC+8, BFSchott wrote:

Keep in mind that obfuscation isn't security, so the answer really depend on your goal.  Are you concerned about auto-incrementing integer IDs being sequential in REST urls?  If so, use named slugs or UUIDs from django-extensions.  UUIDs aren't obfuscated from a security perspective (they can be deduced), but sufficient for most purposes to make sequencing not obvious.  You can also use the M2Crypto library to generate a random token and use that to add a home-grown access key.  The snippet below isn't complete, but hopefully gives you an idea.

.... models.py --

import M2Crypto

from django_extensions.db import fields as extensions

class Foo(models.Model):

    uuid = extensions.UUIDField(

        editable=False,

        help_text="Automatically generated globally unique ID.")

    token = models.CharField(

        help_text="Automatically generated authorization token",

        max_length=255,

        editable=False, default=None, blank=True, null=True)

    def save(self, *args, **kwargs):

        """ set the authorization token on first save """

        if not self.id:

            self.token = base64.urlsafe_b64encode(

                M2Crypto.m2.rand_bytes(16))

        super(Foo, self).save(*args, **kwargs)

-- views.py --

from django.views.generic import DetailView

class FooTokenView(DetailView):

    def get_object(self):

        object = get_object_or_404(Foo,

                                   uuid=self.kwargs['uuid'],

                                   token=self.kwargs['token'])

        return object

---

Brian Schott

bfschott@gmail.com

On May 27, 2012, at 11:14 AM, Marcin Tustin wrote:

Why would you want this? Arbitrary integers are already completely opaque.

On Sun, May 27, 2012 at 4:12 PM, forrest yang <Gforrest.yang@gmail.com> wrote:

Just try to convert the increasing numeric id in the database to some other obfuscated id.
The lib need to support long type integer range conversion and convert in two directions.
Is there are some id obfuscate libs in django or widely used in django community?

Any one knows that?

Thanks

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/0lkBciSL24MJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

--
Marcin Tustin
Tel: 07773 787 105

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/GHpLnp6WlW8J.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.