I am working on a Rails application where users can add posts without registration. I want to generate a random, unique key and provide a link to edit their post, for example: http://mygreatapp.com/post/edit/f7smSDf34Sad . Similar approach is used by Craigslist.
My idea was to generate a random, unique string on post creation and save it in the database, together with other post data. Then check if the string in the databases matches the one in the request. Is the solution safe?
How would you implement it?
EDIT: Thanks for responses. However, generating random strings is not an issue. Safety and implementation in the database is my concern.
If I were going to implement this I would use the friendly_id gem since what you’re basically doing is creating a unique slug for each record in your DB. friendly_id by default will use a column to create the slug. You could tell friendly_id to use the
idcolumn and then override theirnormalize_friendly_idmethod.In that method you would generate a unique string and then return it. The text that is returned by this method is what friendly_id will use to generate your slug.
To generate the slug you could simply use an MD5 hash or you could do something like this:
The benefit to using this approach instead of simply creating/storing the slug yourself is that you won’t have to do
Post::find_by_slug(slug), you can still usePost::find(slug)because friendly_id handles looking up the record by the slug.There is a Railscasts episode that covers the friendly_id gem