[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

David Thomas davidleothomas at gmail.com
Wed Feb 27 20:31:15 CET 2013


hash(id:secret) should not be reversible, if you use a cryptographic hash.

hash(id) can be brute-forced, on something with so small a range.


On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont <corentin.dupont at gmail.com> wrote:

> hash is reversible or not?
>
>
> On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <cgaebel at uwaterloo.ca> wrote:
>
>> You could just hash it.
>>
>>   - Clark
>>
>>
>> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> So I need to "encrypt" the user ID in some way? What I need is to
>>> associate the user ID to a random number and store the association in a
>>> table?
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink at gmail.com> wrote:
>>>
>>>> Note that cookies are not the solution here. Cookies are just as user
>>>> controlled as the url, just less visible. What you need is a session
>>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>>> the user id (which is sequential and thus guessable, and often exposed
>>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>>> cookie. Cookies are just more convenient.
>>>>
>>>> Erik
>>>>
>>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>>> <corentin.dupont at gmail.com> wrote:
>>>> > Yes, having a cookie to keep track of the session is something I plan
>>>> > to do.
>>>> >
>>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala at gmail.com> wrote:
>>>> >>
>>>> >> The user id is not necessarily the problem, but rather that you can
>>>> >> pose as another user. For this, one solution is to keep track of a
>>>> >> unique (changing) user token in the cookies and use that for verifying
>>>> >> the user.
>>>> >>
>>>> >> --
>>>> >> Mats Rauhala
>>>> >> MasseR
>>>> >>
>>>> >>
>>>> >>
>>>> >> _______________________________________________
>>>> >> Haskell-Cafe mailing list
>>>> >> Haskell-Cafe at haskell.org
>>>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>>> >>
>>>> >
>>>> >
>>>> >
>>>>
>>>
>>>
>>>
>>>
>>
>
>
>
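
Added example (not part of the original thread, and not Nomyx code): a Python sketch of the three options discussed above, showing that an unkeyed hash of a small sequential id can be enumerated, that a keyed hash cannot be matched that way, and the random-token-to-user-id table Erik describes. The names, the id range and the use of HMAC-SHA256 in place of a plain hash(id:secret) concatenation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_USER_ID = 10_000  # assumption: user ids are small sequential integers


def unkeyed_token(user_id: int) -> str:
    """hash(id): deterministic, so anyone can recompute it for every id."""
    return hashlib.sha256(str(user_id).encode()).hexdigest()


def recover_id(token: str, max_id: int = MAX_USER_ID):
    """Enumerate the id range; return the id whose hash matches, else None."""
    for candidate in range(max_id + 1):
        if hmac.compare_digest(unkeyed_token(candidate), token):
            return candidate
    return None


def keyed_token(user_id: int, secret: bytes) -> str:
    """Keyed variant of hash(id:secret), built here with HMAC-SHA256."""
    return hmac.new(secret, str(user_id).encode(), hashlib.sha256).hexdigest()


class SessionStore:
    """Server-side table mapping a random, unguessable token to a user id."""

    def __init__(self):
        self._sessions = {}

    def create(self, user_id: int) -> str:
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._sessions[token] = user_id
        return token

    def lookup(self, token: str):
        # Unknown or revoked tokens map to no user at all.
        return self._sessions.get(token)

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)
```

Unlike either hash, the session table lets the server revoke one login without changing the user id or the secret.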