I am developing an
application which allows users to share a link to a simple survey. For this, I want to
generate unique URLs for each survey, so having a URL
like:
http://myapp.com/aBcDe1F
I
want the alpha numeric identifier part of the URL to be pseudo random and somewhat short
(6-8 characters). Now, generating that is easy, but how do I ensure that they are unique
but also pseudo random? Do I have to generate it, then check with a query to the
database to ensure it's not been generated before, and if not, regenerate another string
and try the same process again?
I am aware that
obfuscating the URL this way does not really ensure security by any means, but password
based authentication is ruled out for this application, so I am trying to use a pseudo
random character string.
Yes - I
think you have to do it as you describe. But to be completely pedantic (ummm, I mean
"safe") do not do
this:
do
{
generate a value
check the database
}
while (the value
did not exist)
insert a new row into the
db
There is
a (very) small chance that you could generate the same value for two different users
simultaneously.
Rather, use the value as a
primary key within the database and do
this
do
{
generate a value
insert a new row into the
db
}
while (there was a PK
violation)
No comments:
Post a Comment