将 UUID 转换为短代码是否安全?(仅使用前 8 个字符)
我们使用 UUID 作为数据库中的主键(由 php 生成,存储在 mysql 中).问题是,当有人想要编辑某些东西或查看他们的个人资料时,他们在 url 的末尾有一个巨大的、可怕的、丑陋的 uuid 字符串.(编辑?id=.....)
We use UUIDs for our primary keys in our db (generated by php, stored in mysql). The problem is that when someone wants to edit something or view their profile, they have this huge, scary, ugly uuid string at the end of the url. (edit?id=.....)
如果我们只使用前 8 个字符,即第一个连字符之前的所有字符,是否安全(阅读:仍然是唯一的)?
Would it be safe (read: still unique) if we only used the first 8 characters, everything before the first hyphen?
如果它不安全,是否有某种方法可以将其转换为更短的内容以在 url 中使用,可以将其转换回十六进制以用作查找?我知道我可以对其进行 base64 编码以将其减少到 22 个字符,但还有更短的吗?
If it is NOT safe, is there some way to translate it into something else shorter for use in the url that could be translated back into the hex to use as a lookup? I know that I can base64 encode it to bring it down to 22 characters, but is there something even shorter?
编辑我已阅读 这个问题,它说要使用 base64.再说一遍,还有更短的吗?
EDIT I have read this question and it said to use base64. again, anything shorter?
推荐答案
缩短 UUID 会增加发生冲突的概率.你可以这样做,但这是个坏主意.仅使用 8 个字符意味着只有 4 个字节的数据,因此一旦您拥有大约 2^16 个 ID,您就会预期会发生冲突 - 远非理想.
Shortening the UUID increases the probability of a collision. You can do it, but it's a bad idea. Using only 8 characters means just 4 bytes of data, so you'd expect a collision once you have about 2^16 IDs - far from ideal.
您最好的选择是获取 UUID 的原始字节(不是十六进制表示)并使用 base64 对其进行编码.或者,不要太担心,因为我严重怀疑您的用户是否关心 URL 中的内容.
Your best option is to take the raw bytes of the UUID (not the hex representation) and encode it using base64. Or, just don't worry much, because I seriously doubt your users care what's in the URL.
相关文章