将UUID转换为短代码是否安全? (仅使用前8个字符) [英] Is it safe to turn a UUID into a short code? (only use first 8 chars)
问题描述
我们在数据库中使用UUID作为主键(由php生成,存储在mysql中)。问题是,当某人想要编辑某些内容或查看其个人资料时,他们在URL末尾有一个巨大的,可怕的,丑陋的uuid字符串。 (edit?id = .....)
We use UUIDs for our primary keys in our db (generated by php, stored in mysql). The problem is that when someone wants to edit something or view their profile, they have this huge, scary, ugly uuid string at the end of the url. (edit?id=.....)
如果我们仅使用前8个字符(第一个连字符之前的所有字符)是否安全(读取:仍唯一) ?
Would it be safe (read: still unique) if we only used the first 8 characters, everything before the first hyphen?
如果不安全,是否有某种方法可以将其转换为其他更短的名称,以便在url中使用,然后可以将其转换回十六进制以用作抬头?我知道我可以对它进行base64编码,使它减少到22个字符,但是还有什么更短的内容吗?
If it is NOT safe, is there some way to translate it into something else shorter for use in the url that could be translated back into the hex to use as a lookup? I know that I can base64 encode it to bring it down to 22 characters, but is there something even shorter?
EDIT
我读过这个问题,它说使用base64。再次,更短吗?
EDIT I have read this question and it said to use base64. again, anything shorter?
推荐答案
缩短UUID会增加发生碰撞的可能性。您可以做到,但这不是一个好主意。仅使用8个字符就意味着仅4个字节的数据,因此,如果您拥有大约2 ^ 16个ID,那么您会期望发生冲突-远非理想。
Shortening the UUID increases the probability of a collision. You can do it, but it's a bad idea. Using only 8 characters means just 4 bytes of data, so you'd expect a collision once you have about 2^16 IDs - far from ideal.
您最好的选择是获取UUID的原始字节(不是十六进制表示形式)并使用base64对其进行编码。或者,不必担心,因为我严重怀疑您的用户是否关心URL中的内容。
Your best option is to take the raw bytes of the UUID (not the hex representation) and encode it using base64. Or, just don't worry much, because I seriously doubt your users care what's in the URL.
这篇关于将UUID转换为短代码是否安全? (仅使用前8个字符)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
