Encoding / decoding strings

Diez B. Roggisch deets at nospam.web.de
Fri Jan 5 14:15:00 CET 2007


oliver at obeattie.com wrote:

> Hey Everyone,
> 
> Was just wondering if anyone here could help me. I want to encode (and
> subsequently decode) email addresses to use in URLs. I believe that
> this can be done using MD5.

Are you by chance after a way to create URLs that contain an email which the
server then can extract from them, and this to be tamperproof?

There are several ways to accomplish this - your MD5-suggestion is applyable
when working with a simple secret and by creating an additional parameter.

If you e.g. want an url like this to be secure

http://some.server/path?user_to_register=email@address

you use a secret, and hash the parameters together with the secret using
MD5. The result is then something like 

http://some.server/path?user_to_register=email@address&key=<md5sum>

Then in the server, you perform the same step as above, without the key of
course, and simply check if the MD5-sums are equal.


Anything else requires the use of a encryption algorithm like blowfish or
whatnot, either symetric or public key - I'm not an expert on that though.

Diez



More information about the Python-list mailing list