

Free PHP URL shortener script that can shorten over 4 billion URLs - briancray
http://briancray.com/2009/08/26/free-php-url-shortener-script/

======
wooby
Hi, looks like it was a fun project. While you save yourself from checking the
DB for a duplicate hash with your hex id strategy, a side effect of this
technique is that every URL created with your service is effectively public.
For instance, I could start at <http://briancray.com/tests/shorturl/0> and
work my way up through every URL ever shortened by incrementing the id in hex.
Whether this is a vulnerability or undocumented feature is up to you to decide
:)

I bring it up because I ran across the same issue with my own site,
droplink.me. It was a more serious problem for me, because user uploaded files
are supposed to be private. I went with randomly generated URLs.

~~~
briancray
That is a side effect of this strategy, but I figured I'd add my own to the
bunch to give people more choice.

------
growt
the urls could be much shorter if you used a-z and A-Z and not just hex (a-f).
But it saves some lines of code.

