CFML implementation of nanoid, secure URL-friendly unique ID generation.
- A tiny, secure URL-friendly unique string ID generator for JavaScript
- Safe. It uses
SHA1PRNG(default),IBMSecureRandom,NativePRNG,NativePRNGBlockingorNativePRNGNonBlockingalgorithms to assist in a proper distribution of symbols. - Compact. It uses more symbols than UUID (
A-Za-z0-9_-) and has the same number of unique options in just 21 symbols instead of 36.
Instantiate the component:
nanoId = new nanoId();Generates compact ID using settings. (Defaults to 21 characters of the alphabet 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz- using SHA1PRNG algorithm.)
writeOutput(nanoId.generate());
// jLWi7TKamN1zqpE_Z00AbOne-time override for a single ID generation
writeOutput(nanoId.generate(alphabet="ABCDEFGHJKLMNPQRSTUVXYZ"));
// XYDADCEJSYBMDLLTREBEF
writeOutput(nanoId.generate(size=12));
// 2PBPRu7HRoJP
writeOutput(nanoId.generate(algorithm="NativePRNG"));
// fkDNYl2snoOXMegoFi_Dr
// Using 2 ordered arguments
writeOutput(nanoId.generate("ABCDEFGHIJKLMNOPQRSTUVXYZ", 12));
// THTMYMVEGMAV
// Using 3 ordered arguments
writeOutput(nanoId.generate("ABCDEFGHIJKLMNOPQRSTUVXYZ", 12, "IBMSecureRandom"));
// RMQFYHVJIMEZSets a custom characters for all subsequent ID generations. A dictionary name can also be used. (Defaults to 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz-.)
nanoId.setAlphabet("ABCDEFGHJKLMNPQSTUVWXYZ");
// no outputSets custom string length for all subsequent ID generations. (Defaults to 21)
nanoId.setSize(12);
// no outputSets secure or non-secure generation type. (Defaults to SHA1PRNG. Options are SHA1PRNG, IBMSecureRandom, NativePRNG, NativePRNGBlocking, NativePRNGNonBlocking.)
nanoId.setAlgorithm("IBMSecureRandom");
// no output| Algorithm | Notes |
|---|---|
| SHA1PRNG | Initial seeding is currently done via a combination of system attributes and the java.security entropy gathering device |
| IBMSecureRandom | This implementation uses a SHA-1 message digest and computes the hash over a true-random seed value. |
| NativePRNG | (nextBytes() uses /dev/urandom, generateSeed() uses /dev/random) |
| NativePRNGBlocking | (nextBytes() and generateSeed() use /dev/random) |
| NativePRNGNonBlocking | (nextBytes() and generateSeed() use /dev/urandom) |
| Code | Description | Characters |
|---|---|---|
| default | Default | 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz- |
| numbers | Numbers from 0 to 9 | 0123456789 |
| hexadecimalLowercase | Lowercase English hexadecimal lowercase characters | 0123456789abcdef |
| hexadecimalUppercase | Lowercase English hexadecimal uppercase characters | 0123456789ABCDEF |
| lowercase | Lowercase English letters | abcdefghijklmnopqrstuvwxyz |
| uppercase | Uppercase English letters | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| alphanumeric | Combination of all the lowercase, uppercase characters & numbers from 0 to 9. Does not include any symbols or special characters | 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz |
| nolookalikes | Numbers & english alphabet without lookalikes: 1, l, I, 0, O, o, u, v, 5, S, s, 2, Z. |
346789ABCDEFGHJKLMNPQRTUVWXYabcdefghijkmnpqrtwxyz |
| nolookalikesSafe | Same as noolookalikes but with removed vowels & following letters: 3, 4, x, X, V. This list should protect you from accidentally getting obscene words in generated strings. |
6789BCDFGHJKLMNPQRTWbcdfghjkmnpqrtwz |
| Algorithm | Speed |
|---|---|
| SHA1PRNG | 8,832 ops/sec |
| IBMSecureRandom | 13,411 ops/sec |
| NativePRNG | 12,383 ops/sec |
| NativePRNGBlocking | 12,942 ops/sec |
| NativePRNGNonBlocking | 12,822 ops/sec |
Test Configuration: ColdFusion Developer 2016.0.17.325979 / Windows Server 2016 / Java 11.0.11+9-LTS-194
Research to determine if Java native java.security.SecureRandom is sufficient and whether there are any hardware random generator options available.