I just want to make it explicit that I've made quite a few errors in numbers because of poor editing. Still, it stays at billions even for a 10-character hexadicamal (gmail says to put 'sp' here ;)). I myself realized the unlikeliness of a conflict by using GIT. I mean if GIT is good enough for keeping thousands of revisions by this system, then the system is fine, but as I said you could always take extra precautions, the degree of those depending on your needs: I mean you could make an app that requires each step to be confirmed by an administrator... I think you see where I am going with this: it's either pure math or you monitoring stuff personally for an extra 0.000001% better. I'd turn to math and statistics in such a case that you described.
BTW is anyone disagreeing with me? I hope so, then please write to this thread so we can come to an optimal solution (or as close as we could get to it in a general case we are talking about).

2012/7/22 Gintautas Šimkus <[email protected]>

> Sure! Glad to have helped somewhat. It's a perception thing (at least it is for me). I mean a string of 10 symbols of hexadecimal characters (0-through-f) could have 16^10 outcomes (= over 1 trillion = 100 billions). So just a single random guess (like buying a lottery ticket) would give you a 1 in / 1110 000 000 chance to hit it.
>
> Most random ID generators (or however they are called) use 20 or 22 symbols. So the chance to "guess it" goes to "insanely unlikely".
>
> 2012/7/22 Tsvetelina Borisova <[email protected]>
>
>> Thanks, I was looking exactly for an answer like yours - Andrei's answer is cool and I only needed more theory on these unsubscribe links. Thanks Dihital :)
>>
>> On Sunday, 22 July 2012, 17:41:54 UTC+3, Dihital wrote:
>>
>>> Andrei's solution works because with Devise gem the User#auth_token is randomly generated and unique per your app. It would be extremely hard to brute-force it, that's why it's safe; though it would be a good idea to make sure you deny 4th or whichever unsuccessful try to use the same action in the same context (i.e. relating to the same user; similarly to that when you get your account locked if you enter PIN 3 times unsuccessfully) if you are expecting to be brute-forced or simply have higher security level required by the client or yourself.
>>>
>>> The basic principle could be seen put into practice all over the security-related fields: make it harder to brute force it than the data that the "offender" tries to get hold of is worth.
>>>
>>> 2012/7/22 Tsvetelina Borisova <[email protected]>
>>>
>>>> Thanks for the quick response :)
>>>>
>>>> On Sunday, 22 July 2012, 15:14:13 UTC+3, Андрей Большов wrote:
>>>>
>>>>> You should look at Devise gem Token Authenticatable solution as example.
>>>>> You just add "?auth_token=#{@user.auth_token}" to your unsubscribe url.
>>>>>
>>>>> On Sunday, 22 July 2012, 15:06:58 UTC+4, user Tsvetelina Borisova wrote:
>>>>>>
>>>>>> Hello. In my app I send emails to tell that the user has a certificate and I want to put a link - Unsubscribe. I don't know how to construct this link so that there won't be users that unsubscribe other users. I mean I want to make it safe. I looked on the web for how these unsubscribe links are made but I couldn't find anything. Can someone help me? Thanks in advance
>>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
>>>> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>>>> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
>>>> To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/L46k5wCBkEsJ.
>>>>
>>>> For more options, visit https://groups.google.com/groups/opt_out.
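The scheme discussed in this thread (a random per-user token in the unsubscribe link, plus refusing further tries after repeated failures for the same user), as an added example that is not code from any poster or from Devise. The class name `UnsubscribeTokens`, the `user_id` parameter, the 16-byte token size and the in-memory hashes standing in for a users table are assumptions.

```ruby
require "securerandom"

# Added example: hypothetical in-memory stand-in for a users table.
class UnsubscribeTokens
  MAX_FAILURES = 3    # the thread's "deny 4th ... unsuccessful try"
  TOKEN_BYTES  = 16   # assumption: 128 random bits = 32 hex characters

  def initialize
    @tokens   = {}           # user_id => token
    @failures = Hash.new(0)  # user_id => failed attempts since last success
  end

  # Issue a fresh random token; returns the query string for the email link.
  def issue(user_id)
    @tokens[user_id] = SecureRandom.hex(TOKEN_BYTES)
    "?user_id=#{user_id}&auth_token=#{@tokens[user_id]}"
  end

  # Returns :ok, :denied or :locked for one unsubscribe request.
  def verify(user_id, presented)
    return :locked if @failures[user_id] >= MAX_FAILURES
    expected = @tokens[user_id]
    if expected && secure_equal?(expected, presented.to_s)
      @failures.delete(user_id)
      :ok
    else
      @failures[user_id] += 1
      :denied
    end
  end

  # Number of possible tokens for a hex string of the given length.
  def self.keyspace(hex_chars)
    16**hex_chars
  end

  private

  # Constant-time comparison: timing must not reveal how many characters matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A permanent lockout like this lets anyone who knows a user id block that user's link with three bad requests, so a real application would expire the failure counter after a time window.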

