NAME Dancer::Plugin::EncodeID - Encode/Decode (or obfuscate) IDs in URLs VERSION version 0.01 SYNOPSIS use Dancer; use Dancer::Plugin::EncodeID; set show_errors => true; # Set the secret key (better yet: put this in your config.yml) setting plugins => { EncodeID => { secret => 'my_secret_key' } }; # Generate an encoded/obfuscaed ID in URL # # When the user visits this page, she will see URLs such as: # http://myserver.com/item/c98ea08a8e8ad715 # instead of # http://myserver.com/item/42 # get '/' => sub { # Any ID (numeric or alpha-numeric) you want to obfuscate my $clear_text_id = int(rand(42)+1); # Encode the ID, generate the URL my $encoded_id = encode_id($clear_text_id); my $url = request->uri_for("/item/$encoded_id"); return "Link for Item $clear_text_id: $url"; }; # # Decode a given ID, show the requested item # get '/item/:encoded_id' => sub { # Decode the ID back to clear-text my $clear_text_id = decode_id( params->{encoded_id} ) ; return "Showing item '$clear_text_id'"; }; dance; DESCRIPTION This module aims to make it as easy as possible to obfuscate internal IDs when using them in a URL given to users. Instead of seeing http://myserver.com/item/42 users will see http://myserver.com/item/c98ea08a8e8ad715 . This will prevent nosy users from trying to iterate all items based on a simple ID in the URL. CONFIGURATION Configuration requires a secret key at a minimum. Either put this in your config.yml file: plugins: EncodeID: secret: 'my_secret_password' Or set the secret key at run time, with: setting plugins => { EncodeID => { secret => 'my_secret_code' } }; AUTHOR Assaf Gordon, `' BUGS THIS MODULE IS NOT SECURE. The encoded ID are not strongly encrypted in any way. The goal is obfuscation, not security. A possible improvement would be to use Crypt::CBC on top of Crypt::Blowfish, but that would generate IDs that are at least 48 characters long. The secret key can not be changed once loaded. Please report any bugs or feature requests to https://github.com/agordon/Dancer-Plugin-EncodeID/issues SEE ALSO Dancer, Dancer::Plugin SUPPORT You can find documentation for this module with the perldoc command. perldoc Dancer::Plugin::EncodeID ACKNOWLEDGEMENTS Idea and implementation for this module were greatly influenced by similar mechanism used in the Galaxy project (http://usegalaxy.org). LICENSE AND COPYRIGHT Copyright 2011 Assaf Gordon. This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License. See http://dev.perl.org/licenses/ for more information.