hash(id:secret) should not be reversible, if you use a cryptographic hash.
hash(id) can be brute-forced, on something with so small a range.
On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont wrote: hash is reversible or not? On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel You could just hash it. - Clark On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
corentin.dupont@gmail.com> wrote: So I need to "encrypt" the user ID in some way? What I need is to
associate the user ID to a random number and store the association is a
table? On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient. Erik On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
Yes, having a cookie to keep track of the session if something I plan
to do. On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala wrote: The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying the user. --
Mats Rauhala
MasseR -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
=tf0d
-----END PGP SIGNATURE----- _______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe _______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe _______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe _______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe