GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → wbotelhos → idy

wbotelhos / idy

Licence: MIT License
👓 An ID obfuscator for ActiveRecord

Programming Languages

ruby
36898 projects - #4 most used programming language

Labels

railsactiverecordhashidsobfuscationcryptosalturl-shortenerhashobfuscatormask

Projects that are alternatives of or similar to idy

hashseq
A simple proof of work, mainly designed to mitigate DDoS attacks.
Stars: ✭ 20 (+33.33%)
Mutual labels:  crypto, hash
ArduinoSpritzCipher
Spritz encryption system portable C library, CSPRNG, cryptographic hash and MAC functions, symmetric-key data encryption, and general-purpose functions. It's also an Arduino library.
Stars: ✭ 67 (+346.67%)
Mutual labels:  crypto, hash
js-confuser
JS-Confuser is a JavaScript obfuscation tool to make your programs *impossible* to read.
Stars: ✭ 38 (+153.33%)
Mutual labels:  obfuscation, obfuscator
Alom
Alom PHP Obfuscator / Encoder can protect from your codes
Stars: ✭ 50 (+233.33%)
Mutual labels:  obfuscation, obfuscator
laravel-hashid
HashId Implementation on Laravel Eloquent ORM
Stars: ✭ 23 (+53.33%)
Mutual labels:  hashids, hash
rust-hmac-sha256
A small, self-contained SHA256 and HMAC-SHA256 implementation.
Stars: ✭ 24 (+60%)
Mutual labels:  crypto, hash
id-mask
IDMask is a Java library for masking internal ids (e.g. from your DB) when they need to be published to hide their actual value and to prevent forging. It has support optional randomisation has a wide support for various Java types including long, UUID and BigInteger. This library bases its security on strong cryptographic primitives.
Stars: ✭ 39 (+160%)
Mutual labels:  hashids, obfuscation
code-obfuscation
一款iOS代码混淆工具(A code obfuscation tool for iOS.)
Stars: ✭ 32 (+113.33%)
Mutual labels:  obfuscation, obfuscator
jscrypto
Crypto library for Node/ES6/Typescript/Browser.
Stars: ✭ 20 (+33.33%)
Mutual labels:  crypto, hash
harsh
Hashids implementation in Rust
Stars: ✭ 48 (+220%)
Mutual labels:  hashids, hash
Powershell-Obfuscator
Powerful script for logical obfuscation of powershell scripts
Stars: ✭ 27 (+80%)
Mutual labels:  obfuscation, obfuscator
obfuscator
Obfuscate PHP source files with basic XOR encryption in userland code at runtime.
Stars: ✭ 20 (+33.33%)
Mutual labels:  obfuscation, obfuscator
gnirts
Obfuscate string literals in JavaScript code.
Stars: ✭ 65 (+333.33%)
Mutual labels:  obfuscation, obfuscator
CryptionTool
一个CTF+渗透测试工具框架,集成常见加解密,密码、编码转换,端口扫描,字符处理等功能
Stars: ✭ 62 (+313.33%)
Mutual labels:  crypto, hash
hashids.pm
Hashids, ported for Perl
Stars: ✭ 15 (+0%)
Mutual labels:  hashids, hash
rust-sthash
Very fast cryptographic hashing for large messages.
Stars: ✭ 61 (+306.67%)
Mutual labels:  crypto, hash
Forsaken
One of the best Python3.9 obfuscators.
Stars: ✭ 94 (+526.67%)
Mutual labels:  obfuscation, obfuscator
ColonialObfuscator
Java Obfuscator in Beta
Stars: ✭ 23 (+53.33%)
Mutual labels:  obfuscation, obfuscator
simple-sha256
Generate SHA-256 hashes (in Node and the Browser)
Stars: ✭ 42 (+180%)
Mutual labels:  crypto, hash
data obfuscation
Data Obfuscation for C/C++ Code Based on Residue Number Coding (RNC)
Stars: ✭ 15 (+0%)
Mutual labels:  obfuscation, obfuscator
View All Similar Projects ➔

Idy

CI Gem Version Maintainability Coverage Sponsor

An ID obfuscator for ActiveRecord.

Description

Do not let your users knows about your IDs:

  • IDs can make hacker's life easier for a sequential attack;
  • IDs can make crawler's life easier for a sequential scan;
  • With few records on your database it can seem that your business is weak;
  • With many records on your database it can call attention of people.

Make it clean, make it lean, make it hidden.

http://example.com/articles/1 -> http://example.com/articles/My

It uses Hashids to make it pretty.

install

Add the following code on your Gemfile and run bundle install:

gem 'idy'

Usage

On an ActiveRecord model, just add idy callback:

class Article < ApplicationRecord
  idy
end

Try to call on your model the obfuscated ID:

Article.new(id: 1).idy
# My

It will build your Rails URL with that ID too:

Article.new(id: 1).to_param
# localhost:3000/articles/My

Security

Idy is not for encryption, it is about obfuscation. If you want a unbreakable hash, it is not for you.

Collision

To avoid two differents models to generates the same hash for the same ID, by default, the class name is used as a Salt.

Article.new(id: 1).idy
# My

User.new(id: 1).idy
# ex

Salt

You can provide you own:

class Article < ApplicationRecord
  idy salt: 's3cr3t'
end
Article.new(id: 1).idy
# 9A

Idy

As you could see, the method idy, returns the hash representation of your ID:

Article.new(id: 1).idy
# My

If you want get all idys from a collection, just map it:

Article.create
Article.create

Article.select(:id).map(&:idy)
# ["My", "aL"]

Find

Since you add the idy callback to your model, find method will be decorated:

Article.find('My').id
# 1

Keep in mind that if you have some internal code, that you cannot change, using find, the hash version of the id, idy, will be mandatory to correct find the record.

Findy and Findy!

We encourage you to use this methods and avoid tweak find Rails method. As you expect, it will find directly via idy, so a normal integer will be not found, even if it exists on database.

Findy

The bumpless version returns nil when record is not found.

Article.findy('My').id
# 1

Article.findy 'missing'
# nil

Findy!

The bump ! version raises an error when record is not found.

Article.findy!('My').id
# 1

Article.findy! 'missing'
# ActiveRecord::RecordNotFound: Couldn't find Article with 'idy'="missing"

Functions

You can encode a number manually:

Model.idy_encode(idy)

You can decode an idy in case you want to use the ActiveRecord methods with the original ID:

Model.idy_decode(idy)

Testing

Check if your model responds to idy method:

RSpec

it { is_expected.to respond_to(:idy) }

Inspiration

It was inspired and improved from:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].