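In business systems there is usually a need to look up detailed information by id, for example `GET /item/100` to fetch the item whose id is 100. This is the most conventional approach, but it is not suitable for externally facing services, because numeric ids leak internal information: by changing the id a caller can access other data, and with a script all of the data can be scraped. In addition, ids are usually incremental, so a smaller id usually means an earlier creation time.

For externally facing services we therefore need to obfuscate the id. The ids produced by an adequate algorithm should usually meet the following points:

- They are random numbers or strings.
- They have no recognizable pattern: after obfuscation, adjacent ids are not increasing and are not similar numbers or strings.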
```java
public class IDObfuscation {
    // 62-character output alphabet (A-Z, a-z, 0-9)
    private static final char[] ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
    private static final int BASE = ALPHABET.length;
    // Constants used by the part of the class that is not shown on this page
    private static final byte[] PADDING = {0x29, 0x28, 0x27, 0x26, 0x25, 0x24, 0x23, 0x22, 0x21, 0x20, 0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x17};
    private static final byte NEGATIVE = 0x2A;
    // Caller-supplied obfuscation key
    private int key;

    public IDObfuscation(int key) {
        this.key = key;
    }
    // The rest of the class is not shown on this page.
}
```
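One way to meet the criteria listed above, as an added example that is not the page's `IDObfuscation` code: a keyed Feistel permutation over the 64-bit id followed by fixed-width base62, so adjacent ids produce unrelated-looking tokens and every valid token decodes to exactly one id. The class name `FeistelIdCodec`, the HMAC-SHA256 round function, the four rounds and the demo key are assumptions made for this example; the token hides the id sequence and does not replace an authorization check on the decoded id.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example (hypothetical class, not the page's IDObfuscation).
public class FeistelIdCodec {
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int ROUNDS = 4;
    private final SecretKeySpec key;
    public FeistelIdCodec(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }
    // Round function: first 32 bits of HMAC-SHA256(key, round || half).
    private int f(int round, int half) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return ByteBuffer.wrap(mac.doFinal(ByteBuffer.allocate(8).putInt(round).putInt(half).array())).getInt();
        } catch (java.security.GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    // Keyed bijection on 64-bit values; forward=false runs the rounds in reverse to invert it.
    long permute(long v, boolean forward) {
        int l = (int) (v >>> 32), r = (int) v;
        for (int n = 0; n < ROUNDS; n++) {
            if (forward) { int t = l ^ f(n, r); l = r; r = t; }
            else { int i = ROUNDS - 1 - n; int t = r ^ f(i, l); r = l; l = t; }
        }
        return ((long) l << 32) | (r & 0xFFFFFFFFL);
    }
    // Fixed-width base62: 11 characters cover the full unsigned 64-bit range.
    public String encode(long id) {
        long v = permute(id, true);
        char[] out = new char[11];
        for (int i = 10; i >= 0; i--, v = Long.divideUnsigned(v, 62))
            out[i] = ALPHABET.charAt((int) Long.remainderUnsigned(v, 62));
        return new String(out);
    }
    // Re-encoding the result rejects wrong-length, out-of-alphabet and overflowing tokens.
    public long decode(String token) {
        long v = 0;
        for (char c : token.toCharArray()) v = v * 62 + ALPHABET.indexOf(c);
        long id = permute(v, false);
        if (!encode(id).equals(token)) throw new IllegalArgumentException("invalid token");
        return id;
    }
    public static void main(String[] args) {
        FeistelIdCodec codec = new FeistelIdCodec("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        for (long id = 100; id <= 102; id++) // adjacent ids, round-tripped through their tokens
            System.out.println(id + " -> " + codec.encode(id) + " -> " + codec.decode(codec.encode(id)));
    }
}
```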
```clojure
(ns
  ^{:doc "Concurrent keyed pool implementation using ConcurrentHashMap and ConcurrentLinkedQueue"}
  kafka-clj.pool-impl
  (:use criterium.core)
  (:import (java.util.concurrent ConcurrentLinkedQueue ConcurrentHashMap Semaphore ExecutorService Executors TimeUnit)))
;; add [criterium "0.4.4"] to your project.clj file
;; then use run-test-cc and run-test-a
;;
;; Results for both ConcurrentLinkedQueue + Semaphore and for atom + vector access is the same
```