• Post Reply Bookmark Topic Watch Topic
  • New Topic

Generate Url randomly  RSS feed

 
Janis Lee
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to generate a url that cannot be bookmarked. It will have to be constructed using some random characters.

Suppose I use java.util.Random to create the random part of my url using 30 characters how easy would it be for a person to guess that url?

What can I do to make my url hard to be guessed?

What can I do to prevent some hacker from programmatically trying out a number of options to connect to my url?

My url is intended for one time use. It will be mailed to a person and he can use it to do some secure operation that should not be permitted to any one else. The validity of the link expires in a short period of time.

Is there a better way to implement this?

Thanks.
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My company uses a secure mail product that does something like that. It sends you a link to your document along with a generated userid & password that you must enter to get into the site.
[ December 22, 2005: Message edited by: Stan James ]
 
Matthew Taylor
Rancher
Posts: 110
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could use the HTTP GET array, which stores variable names and values within the URL itself. That way you can make one page that accepts a secret variable value you include in the link sent to someone.

http://www.example.com/myPage.jsp?randomVariable=jdJEI43890HFLKkejhkF

Then use the HTTP_GET array to get the "randomVariable" value to validate the visitor.
 
Janis Lee
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your responses.
What is the product that you are referring to Stan? I dont think using a product is a viable solution for me.

Peter, can you tell me how secure the solution you suggested is? What kind of measures can I take to prevent it from being hacked by some one who will try out all random combinations possible, programmatically or something?
 
Stuart Ash
Ranch Hand
Posts: 637
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Janis Lee:
Thanks for your responses.
What is the product that you are referring to Stan? I dont think using a product is a viable solution for me.

Peter, can you tell me how secure the solution you suggested is? What kind of measures can I take to prevent it from being hacked by some one who will try out all random combinations possible, programmatically or something?


Janis,

It's quite simple. If you create a String of 64 characters which is randomly generated, what is the possibility that someone could use brute force (aaaaa, aaaaab, aaaaac....) to arrive at the exact string you created? This each time, you create such a random string, and only you know about this string. No malicious hacker can guess such a String.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!