 

Obscuring database IDs

I have a table with a primary key that is auto increment. I want to have an image associated with the primary key but I don't want the primary key to be revealed. Would naming the images something like:

$filename = md5($primarykey . $secret_string) . '.jpg';

be a good solution?

I am worried that there could be a collision and a file be overwritten.

The other option of course is to generate a random string, check it doesn't exist as a file and store it in the database... but I'd prefer not to store additional data if it's unnecessary.

The other option is a logical transformation YouTube URL style, e.g. 1=a 2=b, but with a randomised order, e.g. 1=x 2=m... but then there is the chance of it being decoded... plus md5 would probably be lighter than any YouTube URL function.

I would guess I am dealing with over two million records so what is the likelihood of a collision? Which option would you pick or can you think of a better approach?

JimBo asked Mar 03 '10 20:03




2 Answers

Use a linear congruential generator. If you choose the values properly, then you will have a pseudorandom sequence with a very large period. No collisions, but note that this is just an obfuscation method and won't provide any real security (but I assume that is not what you are looking for).

hrnt answered Oct 26 '22 00:10
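The mapping suggested in the answer above, as an added example that is not code from the thread: a single LCG step used as a reversible ID-to-filename mapping, which cannot collide when the multiplier is coprime to the modulus. The constants and the function names (`obscureId`, `revealId`, `imageFilename`, `modInverse`) are assumptions chosen for illustration, and as the answer says this is obfuscation only, not security.

```php
<?php
declare(strict_types=1);

// Constructed parameters (assumptions, not from the thread). Needs 64-bit PHP.
const LCG_M = 1 << 31;     // modulus; IDs must lie in [0, 2^31)
const LCG_A = 1103515245;  // multiplier; odd, so gcd(A, M) = 1 and the map is one-to-one
const LCG_C = 12345;       // increment

// Modular inverse of $a modulo $m (extended Euclidean algorithm).
function modInverse(int $a, int $m): int
{
    [$r0, $r1, $t0, $t1] = [$m, $a % $m, 0, 1];
    while ($r1 !== 0) {
        $q = intdiv($r0, $r1);
        [$r0, $r1] = [$r1, $r0 - $q * $r1];
        [$t0, $t1] = [$t1, $t0 - $q * $t1];
    }
    if ($r0 !== 1) {
        throw new InvalidArgumentException('multiplier must be coprime to modulus');
    }
    return (($t0 % $m) + $m) % $m;
}

// One LCG step: id -> (A * id + C) mod M. Products stay below 2^62, so no overflow.
function obscureId(int $id): int
{
    if ($id < 0 || $id >= LCG_M) {
        throw new RangeException('id out of range');
    }
    return (LCG_A * $id + LCG_C) % LCG_M;
}

// Inverse step: id = A^-1 * (code - C) mod M.
function revealId(int $code): int
{
    $diff = ((($code - LCG_C) % LCG_M) + LCG_M) % LCG_M;
    return (modInverse(LCG_A, LCG_M) * $diff) % LCG_M;
}

function imageFilename(int $id): string
{
    return sprintf('%08x.jpg', obscureId($id));
}

// Constructed sample IDs: each filename decodes back to the ID it came from.
foreach ([1, 2, 3, 2000000, LCG_M - 1] as $id) {
    $name = imageFilename($id);
    printf("%10d -> %s -> %d\n", $id, $name, revealId((int) hexdec(substr($name, 0, 8))));
}
```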


I would guess I am dealing with over two million records so what is the likelihood of a collision?

According to Wikipedia, you'll need more than 2*10^19 records to get a 50% probability to have at least one collision, so I'd say you don't have to worry.

Michael Borgwardt answered Oct 25 '22 22:10