nikitaavvakumov
UUID corruption in emailed links?
Hi all,
I’m hoping for some insight into a strange issue.
Our app’s Ecto repo is configured to use as primary keys UUIDs in the standard 8-4-4-4-12 format. The app periodically sends out emails with links to resources, such as /orders/<order_uuid>. Emails are generated using Bamboo with EEx templates for both HTML & plain text and sent via SendGrid.
In over 99% of cases, everything appears to work as intended. However, the app occasionally logs an Ecto.Query.CastError error after someone visits a URL that contains an odd string in place of the UUID. Here are a few typical examples: “NjBlNjhlZW”, “MjA1MDNhZT”, “NmMzYzhiZT”, “ZDQzNDYwZj” - 10 characters, upper- and lower-case letters, rarely containing a number. Given their format, these are clearly not carelessly copy-pasted UUID fragments but something else entirely.
None of the supposedly affected users have contacted us, so we can’t connect these strings to UUIDs that should have been in those links.
Is it possible that these links are actually generated by the app when it interpolates UUIDs into the URLs? Could it have something to do with character encoding used by certain email clients? Do these 10-character strings ring any bells at all?
Any help or hints towards a possible explanation will be much appreciated.
Most Liked
easco
I note that if you take such a string and decode it as a base64 encoded value you get back something that is a valid hexadecimal number. For example:
iex(7)> Base.decode64("ZDQzNDYwZj", padding: false)
{:ok, "d43460f"}
But they each seem to decode to a seven digit Hex number so I’m not sure how that might relate to a UUID.
At work we have a front-end on our mail system that rewrites the URLs on incoming messages as a security measure against bogus URLS (I think it’s this - https://www.proofpoint.com/us). Could it be that some of your users are using something similar which looks for “high entropy” hexadecimal strings and tries to protect the user that way?
sribe
I see similar requests all the time, in bursts, and I do NOT have inbound links that use UUIDs. I have assumed that they are some kind of probe or attack.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










