Shulou(Shulou.com)06/02 Report--

The main content of this article is to explain "what is short URL security". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what is short URL security"?

What is a short URL (Short URL)? As the name implies, it is a relatively short URL in form. At present, it is mainly with the help of short URL to replace the original lengthy URL, which is convenient for transmission.

And share. Short URL service is a service that converts a long URL into a short URL, which not only facilitates the majority of netizens, but also brings certain security risks.

First, the basis of short web sites

The short URL service can provide a very short URL to replace the original possibly longer URL, shortening the long URL address. When the user accesses the shortened URL, the

Will often be redirected to the original URL. Short URL service mainly originated from some Weibo guest services with word limit, but it is now widely used in text messages, e-mails and so on.

Many security issues are related to security scenarios, and security issues change as the scenario changes. The original intention of the short URL is to limit the number of words on Weibo.

The use of the platform, that is to say, it is basically public, but in the subsequent personal text messages and e-mails, some of them are already private. This directly led to the short URL first.

A relatively large potential risk.

Before we understand the risks and vulnerabilities of short URLs, we should first understand what short URLs are and how they work.

The basic process of the short URL service: the user submits the long URL to the short URL service. After the short URL service is processed by URL, the conversion algorithm is used for the long URL.

Convert, and finally store the long URL and the short URL in the database. Some short URL services in order to prevent continuous conversion of short addresses or provide some display length

URL TITLE function, so the long URL will be visited.

-- if necessary, you can + V mkapi002--.

Let me use three simple examples to introduce the corresponding algorithm:

(1) binary algorithm:

Algorithm description: an arbitrary binary algorithm with 62 characters in numbers, uppercase and lowercase letters.

The ID is incremented in the database. When ID is 233, the calculation process of the corresponding short URL is as follows:

① sets the sequence to "0123456789abcdefghijklmnopqrstuvwxyz"

② 233x36006

③ 233% 36 = 17

④ takes 6 digits and 17 digits of the above characters in turn, then 6h

The generated short URL is xx.xx/6h.

(2) Random number algorithm:

A brief description of the algorithm: make any random digit selection of the candidate characters each time, and check whether it is repeated after splicing.

If the required number of digits is 2, the corresponding short address is calculated as follows:

① sets the character sequence "0123456789abcdefghijklmnopqrstuvwxyz"

According to the number of characters, ② sets the maximum value to 35 and the minimum value to 0, and takes 2 random numbers and assumes: 6 and 17.

If ③ takes 6 and 17 digits of the above characters in turn, it will be 6h.

The generated short URL is xx.xx/6h.

(3) HASH algorithm:

Algorithm description: perform hash operation on id (optional: use random number to add salt) and check whether it is repeated

Set ID to self-increment. If ID=233, the corresponding short address is calculated as follows:

① takes random number as salt.

② encrypts 233s with sha1: aaccb8bb2b4c442a7c16a9b209c9ff448c6c5f35:2

The number of digits required for ③ is 7, and the first seven digits of the above encryption result are: aaccb8

The generated short URL is xx.xx/2e8c027.

At this point, I believe you have a deeper understanding of "what is short URL security". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.