4

I am developing an application which allows users to share a link to a simple survey. For this, I want to generate unique URLs for each survey, so having a URL like:

http://myapp.com/aBcDe1F

I want the alpha numeric identifier part of the URL to be pseudo random and somewhat short (6-8 characters). Now, generating that is easy, but how do I ensure that they are unique but also pseudo random? Do I have to generate it, then check with a query to the database to ensure it's not been generated before, and if not, regenerate another string and try the same process again?

I am aware that obfuscating the URL this way does not really ensure security by any means, but password based authentication is ruled out for this application, so I am trying to use a pseudo random character string.

jeffreyveon
  • 13,400
  • 18
  • 79
  • 129
  • Repeating the creation till you find a unique key sounds fine to me. – Ash Burlaczenko May 04 '11 at 15:38
  • If you have only 6 -8 characters, you must keep it somewhere (database seems to be best solution). Just remember big and small letters in address are not welcomed ;) Depeniding on scale and importance of your project - you can also try to genereate some "very likely unique" code, joining for example current timestamp + user IP or random chaptcha, and masking result e.g. md5() hash (with md5 however length is > 8 alphanumeric). – mj82 May 04 '11 at 15:46

4 Answers4

3

Yes - I think you have to do it as you describe. But to be completely pedantic (ummm, I mean "safe") do not do this:

do
{
    generate a value
    check the database
}
while (the value did not exist)

insert a new row into the db

There is a (very) small chance that you could generate the same value for two different users simultaneously.

Rather, use the value as a primary key within the database and do this

do
{
    generate a value
    insert a new row into the db
}
while (there was a PK violation)
Allison Lock
  • 2,375
  • 15
  • 17
0

Since you are not using it as a key and just for random use of string, you can use this program in Java:

import java.util.Random;

public class randomString { 

    public static void main(String args[]) {

        Random charp = new Random();

        String[] chars = {"a", "b", "c", "d", "e", "f", "g", "h" ,"i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "M", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "1", "2", "3", "4", "5", "6", "7", "8", "9"};

        String[] word = new String[9];

        for(int i = 0; i < 9;i++) {

            word[i] = chars[charp.nextInt(70)];
        }

        System.out.print("Your randomly generated string is: ");

        for(int i = 0; i < 9;i++) {

            System.out.print(word[i]);
        }
    }
}

I know this is a bit low skilled and many other libraries and code such as:

    import java.security.SecureRandom;
    import java.math.BigInteger;

Can be used, but hey we can keep it simple too.

dur
  • 15,689
  • 25
  • 79
  • 125
Nirbhey Singh Pahwa
  • 26
  • 5
0

No language specified, but many languages support the creation of a GUID. Why not use one of those?

Richard Brightwell
  • 3,012
  • 2
  • 20
  • 22
  • I disagree. Look at the URL for this question... `http://stackoverflow.com/questions/5885970/generating-unique-random-alpha-numeric-strings/5886021#5886021` a GUID would be shorter than just the `generating-unique-random-alpha-numeric-strings` part of the URL. – Richard Brightwell May 04 '11 at 15:47
0

Well there are various ways to go about it, one common one is to use the current time and do an md5() on it. Subsequently, you may check against your database if that has been used before. Normally, the probability of having 2 md5() that produce the same string result in close proximity is pretty low.

Other methods include using the user's ip + timestamp as a string and md5() it.

Hope it helps (:

Vern
  • 2,393
  • 1
  • 15
  • 18