Comments (2)
I think what the author is getting at is that the obfuscated id produced is predictable. The gem behind the integer hashing is buy the same author and claims to be reversible, where as AES is not a hash and cannot be reverse, but an encryption that requires a key to decrypt making identifying the actual DB id nearly impossible.
In my opinion a plain ID, an obfuscated id and an encrypted id are all face the same security issues for a REST API or something. It's SQL injection you need to worry about. In which case AES would obviously be most affective at preventing an injection that could modify someones email address based on ID, but the real need to is to secure the app from SQL injection.
from obfuscate_id.
Hi @arjunmenon , this gem is not for crypto, it is about obfuscation.
Since this repository is kind deprecated, I created a gem with Hashids support, but it still about obfuscation: https://github.com/wbotelhos/idy
I would love your feedback.
from obfuscate_id.
Related Issues (20)
- Breaks when upgrading to Rails 4.1 HOT 3
- Having obfuscate_id in more than one model causes a error. HOT 5
- Updating model with update_attribute doesn't work HOT 5
- Bug on batch actions with ActiveAdmin HOT 1
- reload no longer works HOT 1
- Don't compatible with Rails 4 HOT 18
- Speed for API HOT 1
- Rails 4.2: Unable to use obfuscate_id :spin => 89238723 HOT 4
- Any plan to obfuscate with nice Hashids HOT 3
- RecordNotFound error when using ActionMailer's deliver_later method HOT 9
- bignum too big to convert into `long'
- Unable to find model with obfuscated ID via a has_many / through association HOT 7
- class.find_by() not working HOT 1
- Gem not working with Rails 5 HOT 5
- Obfuscate an ActiveRecord collection
- Can not `lock!`an ActiveRecord instance HOT 1
- Access methods to deobfuscate the ID HOT 1
- ActiveRecord::RecordNotFound: Couldn't find User with an out of range ID
- Is this gem still alive?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from obfuscate_id.