Opened 14 years ago
Closed 14 years ago
#15031 closed (invalid)
I need an alternate ID field with built in validation.
Reported by: | rcfeldmann | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 1.2 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I need users to enter an ID to access other users accounts. I do not want to rely only on the default sequential ID as it would be too easy for an incorrect entry to bring up a different user. Also malicious users can just sit and keep adding/subtacting one to every number to determine my entire user directory.
I would like to add two digits to the end of the ID to make an extended ID. The first part will be the core (django's default sequential number), concatenated with a digit that is calculated from the core's digits, concatenated again with a digit that is calculated from the previous two digits.
Example would be user 00000435 would become user 0000043527. (4+3+5=12 so just use the last digit of 2, 5+2=7 again using last digit if it were > 9)
I was thinking I just need to have an extra field in my database. So I would have ID and ID-Ext and make it appear to users as just one big ID. But here is the trouble.
1) How do I get this to be calculated automatically when a new user is added?
2) How do I get the URLs looking nice? Without the extension, it would be "site/users/00000435/", but I want them to enter "site/users/0000043527/".
Another benefit of this is that my site looks a little more professional without the problem of convincing people to add them to my site seeing their user ID as 00000005 letting them know I only have 4 other users at that point. Instead they see 0000000550.
Trac is for logging known bugs in Django. If you have a "how do I" question, please ask on django-users.