Random Resource Identifiers

[smcgregor]

(Good for new people to Privly development)

We need all identifiers on the system to be randomly generated to prevent publicly available content and keys being crawled.

More information for new people: When you generate new content on a rails server, it usually stores it at a URL like /posts/47, where 47 is the unique identifier for the resource. This is a problem for Privly development because we want the server to (1) not store any information it does not require for performing its service, and (2) not give users metadata about the content they are reading unless the user who created it wants to share that metadata. Herein lies the problem: rails traditionally generates URLs where each newly created piece of content, in our case "posts," has an identifier that is one greater than the last created piece of content. This allows users to infer:

1. The relative creation order of content.
2. Whether there is likely content on the server at a particular resource identifier. This is very problematic because bots/crawlers/indexers could crawl each of the URLs in sequence to grab all the public content on the server.

We mitigated problem (2) by adding a random token that permissions every piece of content. Since this random token is only found on Privly-type URLs and on the server, without discovering a Privly URL, it is unlikely that a bot will be able to index content on the server.

However, we have not yet addressed issue (1), which is where you come in. You could change it so that every resource identifier is randomly generated on the server. This requires changing the identifier of the posts model so that its primary key is not auto-incrementing. It also requires some logic that prevents identifier collisions, since simply randomly selecting a resource identifier will eventually result in duplications.

A good place to start appears to be this stack overflow post, but you should also add test coverage and see what happens when you run rake test.

Good hunting/feel free to comment!

[smcgregor]

I added a random token, which is required for access to new posts. Now that new posts cannot be crawled without access to the posted link, I am downgrading this issue to "minor"