Re: ID generation

From: Lew <lew@lewscanon.com>
Newsgroups: comp.lang.java.programmer
Date: Tue, 25 Mar 2008 21:27:37 -0400
Message-ID: <pc2dnTEHloEUO3TanZ2dnUVZ_uTinZ2d@comcast.com>

Wayne wrote:

David Segall wrote:

Lew <lew@lewscanon.com> wrote:

angelochen960@gmail.com wrote:

Hi Dinis,

Thanks, the need is simple, I just want to use it as part of a URL,
example:

http://localhost/read/92020202

this will look nicer than using a UID:

Generated or otherwise artificial keys like that should not be
visible at the user level. It defeats their purpose, for one thing.
Only data that have meaning in the problem space should be visible to
consumers of the application. Find a better way.

So how would you suggest I send the URL in a "Click here to confirm
your registration" email to a new subscriber?


How about this: Use a sequence number, encrypted with something like
crypt or an HMAC and encoded to base-64. When the user then clicks
the link, your servlet decodes the link, then decrypts it to recover
the serial number. The user sees a large random-looking link only.
Internally you can use simple sequence numbers in your DB.


The data can be arbitrary, but it has to have meaning in the problem domain,
not just as a database key. A validation token is perfectly valid. The
artificial keys of which I spoke are those used strictly by the database -
those are the ones that shouldn't appear to a user. You could use the token,
such as the one Wayne suggests, or other domain-meaningful data to identify
the record of interest.

--
Lew
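
The validation-token idea discussed in this thread, as an added example that is not code from any of the posters: the link carries the sequence number together with an HMAC-SHA256 tag, so the servlet can recover the number and reject any link it did not issue. The class name `ConfirmToken`, the token layout and the randomly generated key are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.OptionalLong;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: token = base64url(8-byte sequence number || HMAC-SHA256 tag).
// The HMAC does not hide the number; it stops anyone without the key from forging a link.
public class ConfirmToken {
    private static final String ALG = "HmacSHA256";
    private static final int TAG_LEN = 32;
    private final SecretKeySpec key;
    public ConfirmToken(byte[] secret) { this.key = new SecretKeySpec(secret, ALG); }

    private byte[] tag(byte[] msg) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(msg);
    }
    public String issue(long seq) throws GeneralSecurityException {
        byte[] id = ByteBuffer.allocate(Long.BYTES).putLong(seq).array();
        byte[] raw = ByteBuffer.allocate(Long.BYTES + TAG_LEN).put(id).put(tag(id)).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Returns the sequence number only if the tag verifies; empty for a malformed or altered token.
    public OptionalLong verify(String token) throws GeneralSecurityException {
        byte[] raw;
        try { raw = Base64.getUrlDecoder().decode(token); }
        catch (IllegalArgumentException e) { return OptionalLong.empty(); }
        if (raw.length != Long.BYTES + TAG_LEN) return OptionalLong.empty();
        byte[] id = Arrays.copyOfRange(raw, 0, Long.BYTES);
        byte[] got = Arrays.copyOfRange(raw, Long.BYTES, raw.length);
        if (!MessageDigest.isEqual(tag(id), got)) return OptionalLong.empty(); // constant-time compare
        return OptionalLong.of(ByteBuffer.wrap(id).getLong());
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];          // constructed key; a real one is loaded from server config
        new SecureRandom().nextBytes(secret);
        ConfirmToken t = new ConfirmToken(secret);
        String token = t.issue(92020202L);     // sequence number taken from the thread's sample URL
        System.out.println(t.verify(token));                     // untouched token is accepted
        System.out.println(t.verify("B" + token.substring(1)));  // altered id bytes are rejected
    }
}
```

Because the sequence number is only authenticated, not encrypted, anyone can decode it from the link; if the number itself must stay private, the link should carry a random token that is looked up server-side instead.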
