
What if you use the IP address of the user as a seed for the encryption? Then if someone else used the same key from a different IP they'd get different search terms?



That embeds the IP in the process and could theoretically be reverse-engineered.


Are there session ids? I assume that HMAC(secret + sessionID + ip + search terms) would be fine.


No sessions.


I see you do settings through a cookie or URL params. I'm out of ideas unless you hash the cookie + ip for a session ID for that purpose.
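The two suggestions in the thread (an HMAC over secret, session ID, IP and search terms, and a cookie + IP hash standing in for a session ID) can be sketched together as follows. This is an added example, not code from any commenter or from the site under discussion; the function names, the secret, the cookie string and the IP addresses are all constructed assumptions.

```python
import hashlib
import hmac

# Assumption: a key known only to the server. Constructed demo value.
SERVER_SECRET = b"constructed-demo-secret"


def _frame(*fields: bytes) -> bytes:
    # Length-prefix every field so that ("ab", "c") and ("a", "bc") give
    # different MAC inputs; plain concatenation would make them identical.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def pseudo_session_id(settings_cookie: str, ip: str) -> bytes:
    # Stand-in for a session ID on a site without sessions:
    # a keyed hash of the settings cookie and the client IP.
    msg = _frame(b"sid", settings_cookie.encode(), ip.encode())
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()


def tag_search(settings_cookie: str, ip: str, terms: str) -> str:
    # HMAC over session ID, IP and search terms; the secret is the HMAC key
    # rather than a prefix of the message.
    sid = pseudo_session_id(settings_cookie, ip)
    msg = _frame(b"search", sid, ip.encode(), terms.encode())
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def verify_search(settings_cookie: str, ip: str, terms: str, tag: str) -> bool:
    # Recompute for the requesting client and compare in constant time.
    expected = tag_search(settings_cookie, ip, terms)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    cookie = "kl=us-en&kp=1"           # constructed settings cookie
    tag = tag_search(cookie, "192.0.2.10", "hmac examples")
    print(verify_search(cookie, "192.0.2.10", "hmac examples", tag))    # same client
    print(verify_search(cookie, "198.51.100.7", "hmac examples", tag))  # other IP
```

A tag issued to one cookie and IP does not verify when replayed from another IP, and it reveals neither the IP nor the terms without the server secret.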



