I’m working on a quote generating system that creates a quote for a user and saves it to a database. I’d like users to be able to share their quotes with friends and family without exposing the auto-incrementing ID (to avoid revealing the number of generated quotes).
I’ve created the following two functions to encode and decode the ID for sharing purposes:
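    // XOR the numeric ID with a secret integer key (reversible obfuscation).
    function encode_id($id, $secret_key) {
        if (!is_numeric($id)) {
            return false;
        }
        // Cast to int so PHP does an integer XOR, not a bytewise string XOR.
        return (int) $id ^ (int) $secret_key;
    }

    // XOR is its own inverse, so decoding applies the same operation.
    function decode_id($encoded_id, $secret_key) {
        if (!is_numeric($encoded_id)) {
            return false;
        }
        return (int) $encoded_id ^ (int) $secret_key;
    }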
However, these functions don’t provide enough randomness and still exhibit a pattern. Are there any best practices or recommendations for implementing a more secure and concise solution, similar to a UUID or uniqid but not as lengthy?
2 Answers
I ended up going with Hashids with a custom library. Pleased with it.
This is a bidirectional encryption method.
Example :
Try it and tell me if you found it useful
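
One way to get short, non-sequential, reversible share tokens, as an added example that is not part of the original posts or of the Hashids library: a keyed 4-round Feistel permutation over 32-bit IDs, base62-encoded to at most 6 characters. The function names, the key handling and the 32-bit ID limit are assumptions, and it assumes 64-bit PHP 7.1 or later.

```php
<?php
// Added example (not from the original posts): keyed Feistel permutation + base62.
// Assumes 64-bit PHP 7.1+; all function names here are hypothetical.
const B62 = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Round function: first 16 bits of HMAC-SHA256 over (round number, 16-bit half).
function feistel_round(int $half, int $round, string $key): int {
    $mac = hash_hmac('sha256', pack('Cn', $round, $half), $key, true);
    return unpack('n', $mac)[1];
}

// Bijection on 0..2^32-1: each ID maps to exactly one other 32-bit value.
function permute_id(int $id, string $key, bool $decrypt = false): int {
    if ($id < 0 || $id > 0xFFFFFFFF) {
        throw new InvalidArgumentException('ID must fit in 32 bits');
    }
    [$l, $r] = [$id >> 16, $id & 0xFFFF];
    foreach ($decrypt ? [3, 2, 1, 0] : [0, 1, 2, 3] as $i) {
        [$l, $r] = $decrypt
            ? [$r ^ feistel_round($l, $i, $key), $l]
            : [$r, $l ^ feistel_round($r, $i, $key)];
    }
    return ($l << 16) | $r;
}

function id_to_token(int $id, string $key): string {
    $n = permute_id($id, $key);
    $out = '';
    do {
        $out = B62[$n % 62] . $out;
        $n = intdiv($n, 62);
    } while ($n > 0);
    return $out;
}

// Returns null for anything that is not a well-formed token.
function token_to_id(string $token, string $key): ?int {
    if ($token === '' || strlen($token) > 6 || strspn($token, B62) !== strlen($token)) {
        return null;
    }
    $n = 0;
    foreach (str_split($token) as $ch) {
        $n = $n * 62 + strpos(B62, $ch);
    }
    return $n > 0xFFFFFFFF ? null : permute_id($n, $key, true);
}

$key = random_bytes(32); // constructed demo key; use one fixed secret from config
$token = id_to_token(1042, $key);
printf("1042 -> %s -> %d\n", $token, token_to_id($token, $key));
```

The key must stay fixed once tokens have been shared, since changing it invalidates every existing link.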