E-mail verification with keys made with uuid.uuid4. Safety, and uniqueness of generated values [closed]

别等时光非礼了梦想. Submitted on 2019-12-07 12:18:14

Question


I would like to make e-mail verification in my website.

I plan to send the user an email with an activation link, in which I plan to include a key made with:

str(uuid.uuid4())

which will be stored in a table, where I will also store a boolean indicating whether the user has used this link (activated the account) and the date on which the key expires.

My questions:

Is it a good approach? Safe, reliable? Do I have to check whether uuid.uuid4() is unique? Are uuid.uuid4() values safe to be part of a URL?


Answer 1:


Is it a good approach? Safe, reliable? Do I have to check whether uuid.uuid4() is unique? Are uuid.uuid4() values safe to be part of a URL?

Yes, this should be sufficient enough for email verification.

According to Georg Schölly,

uuid4() generates ... a random UUID. The chance of a collision is really, really, really small. Small enough, that you shouldn't worry about it. The problem is, that a bad random-number generator makes it more likely to have collisions.

Who then quoted Bob Aman,

Frankly, in a single application space without malicious actors, the extinction of all life on earth will occur long before you have a collision, even on a version 4 UUID, even if you're generating quite a few UUIDs per second.

So I would say this is safe and reliable for email verification. And there should not be a need to make sure the UUID4 is unique (but it couldn't hurt to check when generating it). Also, as long as the UUID is hex-encoded (its canonical form), it is safe for being part of a URL.
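
The table described in the question (key, used flag, expiry date), sketched as an added example that is not code from the question or the answer. It assumes SQLite, a placeholder base URL, Unix-second timestamps, and the hypothetical names make_db, issue_key, activation_link and activate.

```python
import sqlite3
import time
import uuid
from urllib.parse import quote

BASE_URL = "https://example.com/activate/"  # placeholder, not from the post

def make_db():
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY makes the database itself reject a duplicate key.
    db.execute("CREATE TABLE activation (act_key TEXT PRIMARY KEY, "
               "user_id INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0, "
               "expires_at INTEGER NOT NULL)")
    return db

def issue_key(db, user_id, now=None, ttl=86400):
    """Store a fresh uuid4 key for user_id and return it."""
    now = int(time.time()) if now is None else now
    for _ in range(3):  # a collision is not expected; retry instead of pre-checking
        key = str(uuid.uuid4())
        try:
            with db:
                db.execute("INSERT INTO activation (act_key, user_id, expires_at) "
                           "VALUES (?, ?, ?)", (key, user_id, now + ttl))
            return key
        except sqlite3.IntegrityError:
            continue
    raise RuntimeError("could not store a unique activation key")

def activation_link(key):
    # Canonical uuid4 text is hex digits and hyphens, so quote() leaves it unchanged.
    return BASE_URL + quote(key, safe="")

def activate(db, raw_key, now=None):
    """Return the user_id for a valid, unused, unexpired key, else None."""
    now = int(time.time()) if now is None else now
    try:
        key = str(uuid.UUID(raw_key))  # rejects anything that is not a UUID
    except (ValueError, AttributeError, TypeError):
        return None
    with db:
        # One UPDATE checks and sets the flag together, so a link works once.
        cur = db.execute("UPDATE activation SET used = 1 WHERE act_key = ? "
                         "AND used = 0 AND expires_at > ?", (key, now))
        if cur.rowcount != 1:
            return None
        row = db.execute("SELECT user_id FROM activation WHERE act_key = ?",
                         (key,)).fetchone()
    return row[0]
```

The primary-key constraint covers the "check when generating it" case without a separate lookup, and the single UPDATE keeps the used flag and expiry check from being bypassed by two requests arriving together.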



Source: https://stackoverflow.com/questions/23711489/e-mail-verification-with-keys-made-with-uuid-uuid4-safety-and-uniquness-of-gen