Wednesday, September 26, 2007

Project Names and Borges Numbers

Tom Van Vleck tells an interesting story about how the choice of project names can reveal unintended information. (H/T Making Light)

There is a similar attack that sometimes occurs on Web sites. Someone will notice that their order confirmation page URL is something like example.com/orders/10023993 and wonder what happens if they try to access example.com/orders/10023994.

Solving the problem for order numbers is easy - a simple MAC (message authentication code) will suffice. It is easy to create a sparsely populated set of machine-readable identifiers. Solving the problem for human-memorable phrases is much harder.
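
One way to apply the MAC idea to the order URLs above, as an added example that is not code from the original post: the server appends a truncated HMAC-SHA256 tag to each order number and rejects any reference whose tag does not verify. The key, the `/orders/` route, the tag length and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real site loads a random secret from config.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TAG_BYTES = 10  # 80-bit truncated HMAC tag: short in a URL, infeasible to guess


def _tag(order_id: int, key: bytes) -> str:
    # Prefix the input so this key's use elsewhere cannot produce a valid order tag.
    msg = b"order-url:v1:" + str(order_id).encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_order_ref(order_id: int, key: bytes = SERVER_KEY) -> str:
    """Return the path component that follows /orders/ (hypothetical route)."""
    if order_id < 0:
        raise ValueError("order_id must be non-negative")
    return f"{order_id}-{_tag(order_id, key)}"


def parse_order_ref(ref: str, key: bytes = SERVER_KEY):
    """Return the order id if the tag verifies, else None (serve a 404)."""
    order_part, sep, tag = ref.partition("-")
    # Accept only the canonical form we issue: ASCII digits, no leading zeros.
    if not sep or not ref.isascii() or not order_part.isdigit():
        return None
    if len(order_part) > 18 or (len(order_part) > 1 and order_part[0] == "0"):
        return None
    order_id = int(order_part)
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode("ascii"), _tag(order_id, key).encode("ascii")):
        return None
    return order_id


if __name__ == "__main__":
    ref = make_order_ref(10023993)
    print("issued:", "/orders/" + ref)
    forged = "10023994-" + ref.partition("-")[2]  # neighbour id, reused tag
    print("valid:", parse_order_ref(ref), "forged:", parse_order_ref(forged))
```

The tag makes neighbouring order numbers unguessable; anyone who holds a valid URL can still open it, so a per-user ownership check is a separate control.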

Perhaps one way to go would be to take article titles from Wikipedia (there are a couple of million).
