Encoding / decoding strings
Diez B. Roggisch
deets at nospam.web.de
Fri Jan 5 08:15:00 EST 2007
oliver at obeattie.com wrote:
> Hey Everyone,
>
> Was just wondering if anyone here could help me. I want to encode (and
> subsequently decode) email addresses to use in URLs. I believe that
> this can be done using MD5.
Are you by chance after a way to create URLs that contain an email which the
server then can extract from them, and this to be tamperproof?
There are several ways to accomplish this - your MD5-suggestion is applyable
when working with a simple secret and by creating an additional parameter.
If you e.g. want an url like this to be secure
http://some.server/path?user_to_register=email@address
you use a secret, and hash the parameters together with the secret using
MD5. The result is then something like
http://some.server/path?user_to_register=email@address&key=<md5sum>
Then in the server, you perform the same step as above, without the key of
course, and simply check if the MD5-sums are equal.
Anything else requires the use of a encryption algorithm like blowfish or
whatnot, either symetric or public key - I'm not an expert on that though.
Diez
More information about the Python-list
mailing list