Bill Moseley wrote:
> Last time I checked there were an infinite number of integers.  (And I'm not
> planning on counting them again.)

I feel that we are talking past each other. Perhaps I was insufficiently clear in my writing. I don't have a special preference for alphabetic strings over numeric strings. I just feel that the identifiers should not be allocated in a trivially predictable order, **particularly** in situations where publicly accessible content is mixed with restricted (or as yet unreleased) content.

> Using md5s for images, as in your example, is fine.  But if the images
> really needed to be protected then that scheme is purely security by
> obscurity.

Um, yes. As are passwords. And many other means of authentication.

> That's what we were talking about -- the case where some
> user might type in the next sequence and see someone else's data.  If
> the images belonged to users you would probably want to make sure the
> request is authorized to view the image instead of relying on just
> obscuring the url.

I refer you to my previous note on a real-life example of a system where that would be relatively difficult, and significantly more complex.

> Adding layers of security is fine -- but you have to be careful that
> the added complexity doesn't also make it easier to leave open a hole.

I definitely agree. However, I fail to see how using a long numeric (or alphanumeric, doesn't really matter) string instead of a simply incrementing table key would open a hole. Perhaps you could describe to me where you see the danger in this approach?

_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
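
The two positions in this exchange, side by side, as an added example that is not part of the original thread or of Catalyst: a constructed in-memory store (`ImageStore` and every other name here are hypothetical) that allocates either an incrementing table key or a 128-bit random identifier, together with the per-request authorization check Bill describes.

```python
import secrets


class ImageStore:
    """Constructed stand-in for an image table mixing public and restricted rows."""

    def __init__(self, random_ids):
        self.random_ids = random_ids
        self.rows = {}      # identifier -> (owner, is_public, data)
        self.next_key = 1   # simply incrementing table key

    def add(self, owner, is_public, data):
        if self.random_ids:
            # 16 bytes (128 bits) from the OS CSPRNG: allocation order leaks nothing
            ident = secrets.token_urlsafe(16)
        else:
            ident = str(self.next_key)
            self.next_key += 1
        self.rows[ident] = (owner, is_public, data)
        return ident

    def fetch_by_url_only(self, ident):
        """Serve whatever the identifier names; knowing the URL is the only barrier."""
        row = self.rows.get(ident)
        return row[2] if row else None

    def fetch_authorized(self, ident, user):
        """Additionally require that the row is public or owned by the requester."""
        row = self.rows.get(ident)
        if row is None:
            return None
        owner, is_public, data = row
        return data if is_public or owner == user else None


def guessable_rows(store, limit=100):
    """Audit helper: how many rows answer to the integers 1..limit?"""
    return sum(store.fetch_by_url_only(str(n)) is not None
               for n in range(1, limit + 1))


def demo(random_ids):
    store = ImageStore(random_ids)
    store.add("alice", True, b"press photo")
    private = store.add("bob", False, b"unreleased photo")
    return (guessable_rows(store),                     # rows found by counting
            store.fetch_authorized(private, "alice"),  # non-owner, exact id known
            store.fetch_authorized(private, "bob"))    # owner
```

With the incrementing key both rows answer to counting; with random identifiers none do, and in either case the ownership check still refuses a requester who has obtained the exact identifier.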
