Simon Willison’s Weblog

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters. 27th August 2008, 10:18 pm

hash. Douglas Crockford: “Any HTML tag that accepts a src= or href= attribute should also be allowed to take a hash= attribute”—to protect against file tampering and (more importantly) provide a truly robust caching mechanism. 30th March 2008, 6:34 pm