How To: Generate Random URL

Events happening in the community are now at Drupal community events on www.drupal.org.
ebrittwebb's picture
Posted by ebrittwebb on September 2, 2009 at 2:31pm

(Reposting...last post was deleted)

For certain content on a site, I want to implement "security by obscurity" by having the posts show up only in restricted views and by making the URLs for those posts a set of random, unguessable characters (like Microsoft does with GUID).

So, I need guidance in two parts:

  1. What module (presumably CCK-related) or trick will create a set of random, unguessable characters that I can then use as replacement token in pathauto?

  2. How do I disable the default node URLs (e.g., www.xxx.com/node/123) which still work even when their links have been replaced by pathauto?

Thanks,
Erik

Categories: , , ,

Comments

Random tokens

Posted by ethanw on September 2, 2009 at 2:49pm
ethanw's picture

Re: 1, I haven't tried this myself but did find this recent update to the Token module, http://drupal.org/node/194407, and taking a look at the patch it looks like Token should give you the [random-sha1] token which will give a pretty hefty random string. May be useful prepending this with the nid or date or such, in the one in X million chance you get identical sha hashes.

Re: 2, Global Redirect automatically redirects node/* URLs to their aliases, but my guess is that, for security's sake, that won't due for you. All I can think of in that case is .htaccess. Can you forbid access to all node/* paths?

I would stick this at the top of page.tpl.php

Posted by peter panes on September 2, 2009 at 3:11pm
peter panes's picture

<?php
//// Show nothing if URL contains /node/ and node is not being edited or tracked or cloned /////
if (arg(2) != "edit" && arg(2) != "clone" && arg(2) != "track" && substr_count(drupal_get_path_alias(request_uri()),"/node/") == 1) {
print "stop trying to hack my site!!!!";
return;
}
?>

tokenSTARTERKIT.module

Posted by greggles on September 2, 2009 at 3:41pm
greggles's picture

The starterkit contains random tokens. See the README.txt with recent token module releases for examples.

As others have pointed out, you'll want to block access via the node/NID to make this more secure.

--
http://growingventuresolutions.com | http://drupaldashboard.com | http://drupal.org/books

knaddison blog | Morris Animal Foundation

CCK Computed Field

Posted by jeromebaum on September 2, 2009 at 4:57pm
jeromebaum's picture

You can use a computed field that generates a UID for each node and stores it in the database (so it remains constant). Then use that field in the token module.

To prevent access via /node/* URLs others above have posted valid solutions. You'll also want to make sure that nodes aren't accessible in other places, including the /node and /search displays.

If you need help with the snippet for the computed field, feel free to email me at jerome@jeromebaum.com.

Helpful PHP Functions

Posted by tylerwalts on September 2, 2009 at 9:03pm
tylerwalts's picture

If you end up writing & calling your own hooks to generate your 'GUID's, here's a link with 4 function examples:

http://phpgoogle.blogspot.com/2007/08/four-ways-to-generate-unique-id-by...

Cheers,

  • Tyler
  • Tyler

Using tokenSTARTERKIT.module for character random string

Posted by amir simantov on March 29, 2010 at 9:36am
amir simantov's picture

Hi guys,

Here you have a function to make a string using alpha-numeric characters. In order to prevent mistakes when one see's the strint, the digit 1 and letter l were omits digit. For preventing making real words (that might conflict with a custom path or even make "bad| words) the vowels are also omitted. Lastly, I have omitted consonants that their names sound phonetically similar: b and p, d ant t, m and n. The letter j is also omitted because non-English speakers are usually mixed in with g.

Well, there are 20 "safe" characters left: 23456789cfhkqrsvwxyz
And, if my calculation is right, then 4 random characters give 160,000 different strings - which is more than enough for me. Please correct me if I was wrong in calculation ;-)

Here is the code which you can put as greggles explained above (read the README in token.module).

<?php
function token_random5_token_list($type = 'all') {
  if ($type == 'global' || $type == 'all') {
    $tokens['global']['random-chars-4']  = t("A randomly generated string.");
  }
  if ($type == 'node' || $type == 'all') {
    // Node tokens here.
  }

  return $tokens;
}

/**
* Implementation of hook_token_values().
*/
function token_random5_token_values($type, $object = NULL) {
  $values = array();
  switch ($type) {
    case 'global':
      $values['random-chars-4']  = genRandomString();

      break;
    case 'node':
      // Node tokens here.
      break;
  }
  return $values;
}

function genRandomString() {
    $length = 4;
    $mycharacters = "23456789cfhkqrsvwxyz";
    $string = "";   
   
    for ($p = 0; $p < $length; $p++) {
        $string .= $mycharacters[mt_rand(0, strlen($mycharacters)-1)];
    }

    return $string;
}
?>

Boston

Group categories

More Specifically

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: