Generating Private, Unique, Secure URLs

Question

I\'d like to generate a secure one-click-access type of url similar to the examples below. I\'ll be using PHP but that is irrelevant as I\'m just looking to understand the under

Answer 1

The id has to be impossible to guess, GUIDs are unique but are not that hard to guess.

You need a good random number generator, every cryptography/encryption library has at least one, I don't know PHP so I can't give you the function name.

Then you have to decide how long your random number will be, you should choose a length so big that anyone guessing a number will get an unassigned number - either:

1. Estimate the number of unique URLs you will have to generate, calculate how many bits you need to represent them all and then double the number of bits (at least).

2. Or, take the largest number your users will accept

Now you have a "secure" number you can just convert it to decimal, hex or base64 and use that string.