How To: Generate Random URL
(Reposting...last post was deleted)
For certain content on a site, I want to implement "security by obscurity" by having the posts show up only in restricted views and by making the URLs for those posts a set of random, unguessable characters (like Microsoft does with GUID).
So, I need guidance in two parts:
- What module (presumably CCK-related) or trick will create a set of random, unguessable characters that I can then use as replacement token in pathauto?
- How do I disable the default node URLs (e.g., www.xxx.com/node/123) which still work even when their links have been replaced by pathauto?
Thanks,
Erik


Random tokens
Re: 1, I haven't tried this myself but did find this recent update to the Token module, http://drupal.org/node/194407, and taking a look at the patch it looks like Token should give you the [random-sha1] token which will give a pretty hefty random string. May be useful prepending this with the nid or date or such, in the one in X million chance you get identical sha hashes.
Re: 2, Global Redirect automatically redirects node/* URLs to their aliases, but my guess is that, for security's sake, that won't do for you. All I can think of in that case is .htaccess. Can you forbid access to all node/* paths?
I would stick this at the top of page.tpl.php
<?php
// Show nothing if URL contains /node/ and node is not being edited or tracked or cloned.
// arg(2) is the third path component, e.g. "edit" in node/123/edit.
if (arg(2) != "edit" && arg(2) != "clone" && arg(2) != "track" && substr_count(drupal_get_path_alias(request_uri()), "/node/") == 1) {
  print "stop trying to hack my site!!!!";
  // Stop rendering the rest of the page template.
  return;
}
?>
tokenSTARTERKIT.module
The starterkit contains random tokens. See the README.txt with recent token module releases for examples.
As others have pointed out, you'll want to block access via the node/NID to make this more secure.
--
http://growingventuresolutions.com | http://drupaldashboard.com | http://drupal.org/books
CCK Computed Field
You can use a computed field that generates a UID for each node and stores it in the database (so it remains constant). Then use that field in the token module.
To prevent access via /node/* URLs others above have posted valid solutions. You'll also want to make sure that nodes aren't accessible in other places, including the /node and /search displays.
If you need help with the snippet for the computed field, feel free to email me at jerome@jeromebaum.com.
Helpful PHP Functions
If you end up writing & calling your own hooks to generate your 'GUID's, here's a link with 4 function examples:
http://phpgoogle.blogspot.com/2007/08/four-ways-to-generate-unique-id-by...
Cheers,
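
An added example for the "generate a UID once, store it, and keep it constant" approach and the "write your own GUID function" suggestion above; it is not code from any poster in this thread or from the Token, Pathauto or CCK modules. It assumes PHP 7 or later for random_bytes(); the function names, the in-memory $store array (standing in for the database column) and the private/ path prefix are hypothetical.

```php
<?php
// Added example: hypothetical helper names, not part of Token, Pathauto or CCK.

/**
 * Return a URL-safe random slug carrying $bytes * 8 bits of entropy.
 * random_bytes() (PHP 7+) draws from the operating system's CSPRNG.
 */
function example_random_slug($bytes = 16) {
  if ($bytes < 16) {
    throw new InvalidArgumentException('Use at least 16 bytes (128 bits).');
  }
  // base64url without padding: only A-Z a-z 0-9 - _ so it is safe in a path.
  return rtrim(strtr(base64_encode(random_bytes($bytes)), '+/', '-_'), '=');
}

/**
 * Generate a slug once per node and keep it stable afterwards.
 * $store stands in for the database column that holds the stored value
 * (constructed in-memory array here): nid => slug.
 */
function example_slug_for_node($nid, array &$store) {
  if (isset($store[$nid])) {
    // Already assigned: the URL must not change between page loads.
    return $store[$nid];
  }
  do {
    $slug = example_random_slug();
    // Collision check against existing slugs; at 128 bits this practically never loops.
  } while (in_array($slug, $store, true));
  $store[$nid] = $slug;
  return $slug;
}

// Constructed sample data: three node ids.
$store = array();
foreach (array(101, 102, 103) as $nid) {
  echo "node/$nid -> private/" . example_slug_for_node($nid, $store) . "\n";
}
// Asking again returns the stored value instead of generating a new one.
var_dump(example_slug_for_node(101, $store) === $store[101]);
```

Identifiers built from the clock or a counter, such as uniqid(), are unique but predictable, so they do not make a URL unguessable; the slug has to come from a cryptographic random source as it does here.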