开发者

Link encryption with django and python

开发者 https://www.devze.com 2023-01-30 03:29 出处:网络
I\'m having a download application and I want to encrypt the links for file downloads, so that the user doesn\'t know the id of the file. Furthermore I\'d like to include date/time in the link, and ch

I'm having a download application and I want to encrypt the links for file downloads, so that the user doesn't know the id of the file. Furthermore I'd like to include date/time in the link, and check when serving the file if the link is still valid.

There's a similar question asked here, but I'm running into problems with the character encodings, since I'd like to have urls like /file/encrypted_string/ pointing to the views for downloading, so best would be if the encrypted result only contains letters and numbers. I prefer not using a hash, because I do not want to store a mapping hash <> file 开发者_如何学编程somewhere. I do not know if there's a good encryption out there that fulfills my needs...


Sounds like it would be easy, especially if you don't mind using the same encryption key forever. Just delimit a string (/ or : works as well as anything) for the file name, the date/time, and anything else you want to include, then encrypt and b64 it! Remember to use urlsafe_b64encode, not the regular b64encode, which will produce broken urls. It'll be a long string, but so what?

I've done this a few times, using a slight variation: Add a few random characters as the last piece of the key and include that at the beginning or end of the string - more secure than always reusing the same key, without the headaches of a database mapping. As long as your key is complex enough the exposed bits won't be enough to let crackers generate requests at will.

Of course, if the file doesn't exist, don't let them see the decoded result...


By far the easiest way to handle this is to generate a random string for each file, and store a mapping between the key strings and the actual file name or file id. No complex encryption required.

Edit: You will need to store the date anyway to implement expiring the links. So, you can store the expiration date, a long with the key, and periodically cull out expired links from the table.


If your problem is just one of encryption and decryption of short strings, Python's Crypto module makes it a breeze.


You can encode any character into the url, with django, you may use it's urlencode filter.

However, generating a random string and saving the mapping is more secure.

0

精彩评论

暂无评论...
验证码 换一张
取 消