I am planning a webapp that will allow users to create resources without logging in. I plan to use the Google Docs / Pastebin security style by creating unique hard-to-reach URLs. (e.g. example.com/ytasdfweoirue/)
What things should be observed? What recommendations would you use when developing a token generator? What things should I consider? Is there a better character set to choose from?
My backend will most likely be CouchDB, but I'm interested in platform-agnostic, general recommendations and problems that can occur on any platform.
Use PRNG
URL- PRNG, Random(). (FYI. .NET GUID , - , )
""
, (javascripts, images, flash- ..). URL REFERRER, URL- . , HTTPS, URL- HTTP .
-, Referrers
REFERRER , , , URL-. ( Open Redirect), JavaScript REFERRER.
, Guid. url:
http://whatever.com/resource/{guid}
, / , , . javascript, , (.net) .
wikipedia : http://en.wikipedia.org/wiki/Globally_unique_identifier
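An added example, not part of the original question or answers: a token generator for the hard-to-guess URLs the question describes, drawing from the operating system's CSPRNG rather than a general-purpose random function. The alphabet, the 128-bit default, the in-memory `ResourceStore` (a stand-in for the backend) and the `Referrer-Policy` header are assumptions made for illustration.

```python
import math
import secrets

# Assumed alphabet (not from the page): URL-safe without percent-encoding,
# with look-alike characters (0/O/o, 1/l/I) removed so tokens can be retyped.
ALPHABET = "23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"


def token_length(bits: int, alphabet: str = ALPHABET) -> int:
    """Fewest characters that give at least `bits` bits of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def new_token(bits: int = 128, alphabet: str = ALPHABET) -> str:
    """Draw a token from the OS CSPRNG; secrets.choice avoids modulo bias."""
    n = token_length(bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def is_well_formed(token: str, bits: int = 128, alphabet: str = ALPHABET) -> bool:
    """Reject malformed tokens before any database lookup."""
    return len(token) == token_length(bits, alphabet) and set(token) <= set(alphabet)


class ResourceStore:
    """In-memory stand-in for the backend (hypothetical, for illustration)."""

    def __init__(self):
        self._docs = {}

    def create(self, body: str) -> str:
        # Retry on the (astronomically unlikely) collision instead of overwriting.
        while True:
            token = new_token()
            if token not in self._docs:
                self._docs[token] = body
                return token

    def get(self, token: str):
        # Same answer for malformed and unknown tokens: no oracle for guessers.
        if not is_well_formed(token):
            return None
        return self._docs.get(token)

    @staticmethod
    def response_headers() -> dict:
        # Keep the secret URL out of Referer headers sent to third-party content.
        return {"Referrer-Policy": "no-referrer"}
```

With the 56-character alphabet each character carries about 5.8 bits, so a 128-bit token is 23 characters long.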
Source: https://habr.com/ru/post/1779443/