Nothing to do with security measures for me.  Many times I simply don't want
anyone accessing another record in the database.  I am sure that you can
imagine that type of scenario, in case not....
An example would be for an emailed order confirmation with a link back to
their order details. (In this case the client does not want someone to fill
out user details and create an account for their own reasons.) By using an
integer it would be extremely easy for someone to view other order details,
but not so with a UUID.

Sometimes you just have to use your imagination Peter. :)

--
Ryan LeTulle


On Thu, Jun 11, 2009 at 3:55 PM, Peter Boughton <[email protected]> wrote:

>
> >The tradeoff will be between a user not being able to play around with the
> >querystring (i.e change id=1 to id=2)
>
> Huh!?
>
> Please tell me you don't use UUIDs as an alternative to having proper
> security/permissions in place?
>
> Because if you do have proper security there is no playing around that can
> happen with incremental ints, and if you don't have security, regardless of
> method, all it takes is an uneducated/sloppy user to [accidentally] reveal a
> URL/ID in public... :/
>
>
> 
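
Added example, not part of either message and not ColdFusion: a Python sketch of the emailed order link discussed above, contrasting an unchecked integer lookup with an unguessable token lookup. The OrderStore class, the 14-day TOKEN_TTL and the sample orders are assumptions made for illustration; the expiry is one way to limit the leaked-URL case raised in the quoted message.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # assumed lifetime of an emailed link, in seconds


class OrderStore:
    """Constructed in-memory stand-in for the orders table."""

    def __init__(self):
        self._by_id = {}      # sequential integer id -> order record
        self._by_token = {}   # sha256(token) -> (order id, expiry time)
        self._next_id = 1

    def create(self, customer, items, now=None):
        """Store an order; return (integer id, token for the emailed link)."""
        now = time.time() if now is None else now
        order_id = self._next_id
        self._next_id += 1
        self._by_id[order_id] = {"customer": customer, "items": items}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the digest is stored, so a copy of the table does not
        # contain working links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._by_token[digest] = (order_id, now + TOKEN_TTL)
        return order_id, token

    def get_by_id(self, order_id):
        """Integer lookup with no permission check: any neighbouring id resolves."""
        return self._by_id.get(order_id)

    def get_by_token(self, token, now=None):
        """Token lookup: unknown and expired tokens both return None."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._by_token.get(digest)
        if entry is None or now > entry[1]:
            return None
        return self._by_id[entry[0]]
```

The token only makes the link unguessable; anyone who obtains the URL can still open the order until it expires, so pages behind a login still need a per-user permission check.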

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323435