View Full Version : MD5-ing a URL

11-05-2007, 05:30 PM
This is more of a thinking-out-loud post, but...

So you know when you get HTML emails and stuff, and the links in them are like: www.domain.com/?81c542367cbf72bb1cc19cbcd91089cd

I want to do that.

I've got myself an MD5-generating script, so that's all good. But I'm assuming that all you do is generate these things into a lookup table in your database, and then when someone clicks such a link, your URL-processing page simply checks that the querystring consists of a 32-character alphanumeric string, looks up that string in the database and takes the appropriate action. It might be a straight redirect (for example to a campaign-specific landing page), it might be an action (for example, unsubscribe the user) followed by a redirect to a static, generic thankyou page.

I guess I've got two... queries. Firstly, I'm thinking that the advantages of using MD5-hashed URLS are that (a) you get to hide a URL that might otherwise give away sensitive information about the folder structure of your application, and (b) you can put a load of information - user id, action to take, redirect url, etc - into one 32-character string. Is that about right? If I'm wrong about why to use MD5'd URLs, then I'm probably using them wrong, too :D

Secondly... this.. dropping them into the database thing. Have I got that right? Because if I'm sending, say, 1000 emails a time, each with... 5 links in... then my lookup table is going to get very big, very fast. Is there another way?

Apologies for the vague and nebulous post. Any suggestions or guidance would be appreciated.


11-05-2007, 07:43 PM
Your looking into URL masking, although I do like the idea behind md5'ing using a db backend ... very nice ... but your right you would get a massive database very quickly ...

I believe you would be best off looking for an ISAPI filter for IIS that does this for you, although if your on a shared web host like I am this is difficult.

There's plenty of stuff out there on google. Is this what you're looking for or am I totally out of left field on this one ?

Whatever Jr.
11-06-2007, 09:20 AM
The amount emails doens't matter. You need a hashed string for each action (redirect, update, etc).
and if you have ids for specific campaigns, just add them to the querystring.

Then you know that only the first 32 characters are a string, the rest is a unique ID.

HTH, Tom

11-06-2007, 10:09 AM
Ah, that's not a bad idea. Have a small number of hashed keys that correspond to a combination of, say, campaign ID and action, and simply drop the contact ID - which is the one that would have to be unique per email - onto the end.

Ta :)

(bootcom - ISAPI filter might do it, but I'd prefer to keep this within my application code for portability)