[nycphp-talk] How do you secure a confidential URL w/query sent via email?
csnyder
chsnyder at gmail.com
Fri Jul 22 13:48:56 EDT 2005

On 7/22/05, Cliff Hirsch <cliff at pinestream.com> wrote:
> I think I've answered my own question. The very low probability approach
> just may work.
> 20 letters = 26^20, if my high school math is correct, which is
> 2,600,000,000,000,000,000,000

When you factor in uppercase and numerals, the number of possibilities
is even larger. But consider that the code might be a base64-encoded
binary string, which means 256 choices for each byte.

PHP session IDs work the same way. We trust them because they are
large, hard-to-guess random values.
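
An added example, not part of the original post or thread: one way to issue and check the kind of large random code discussed above, written for PHP 7 or later. The function names, the `example.com` URL, the record id and the in-memory `$store` array (standing in for a database table) are assumptions for illustration.

```php
<?php
// Added example. All names here are hypothetical; $store stands in for a DB table.

const TOKEN_BYTES = 16; // 16 random bytes: 256 choices per byte, 2^128 values in total

// URL-safe base64 so the code survives mail clients and query strings unescaped.
function base64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Create a code for one record and remember it with an expiry time.
function issue_token(array &$store, string $recordId, int $ttl = 86400): string
{
    // random_bytes() draws from the operating system's CSPRNG.
    $token = base64url_encode(random_bytes(TOKEN_BYTES));
    // Keep only a hash server-side, so a leaked table does not yield working links.
    $store[hash('sha256', $token)] = [
        'record'  => $recordId,
        'expires' => time() + $ttl,
    ];
    return $token;
}

// Return the record id for a valid, unexpired code, or null otherwise.
function redeem_token(array $store, string $token): ?string
{
    // 16 bytes encode to exactly 22 base64url characters; reject anything else early.
    if (!preg_match('/^[A-Za-z0-9_-]{22}$/', $token)) {
        return null;
    }
    $row = $store[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;
    }
    return $row['record'];
}

// Constructed demo values.
$store = [];
$token = issue_token($store, 'invoice-1001');
echo "https://example.com/view.php?t={$token}\n";
var_dump(redeem_token($store, $token));              // the issued code
var_dump(redeem_token($store, str_repeat('A', 22))); // a well-formed guess
var_dump(redeem_token($store, 'too-short'));         // a malformed code
```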