> Nothing to do with security measures for me. Many times I simply don't want
> anyone accessing another record in the database. I am sure that you can
> imagine that type of scenario, in case not....
> An example would be for an emailed order confirmation with a link back to
> their order details. (in this case the client does not want someone to fill
> out user details and create an account for their own reasons) By using an
> integer it would be extremely easy for someone to view other order details
> but not so with a uuid.

That would be a security issue. If a user can see a record they shouldn't be allowed to see, that by definition is an authorization failure. Authentication and authorization are the two aspects of user security.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323438
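
Added example, not part of the original thread: one way to treat the emailed order link from the scenario above as an authorization check, so that access does not depend on the record id being hard to guess. The link carries an HMAC over the order id and an expiry, and the server verifies it before returning the record. The function names, the sample orders and the key are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: order ids are sequential integers on purpose.
ORDERS = {
    1001: {"email": "alice@example.com", "total": "49.00"},
    1002: {"email": "bob@example.com", "total": "120.50"},
}
# Assumption: a server-side secret loaded from configuration, never sent to clients.
SECRET_KEY = b"constructed-demo-key"


def _sign(order_id: int, expires: int, key: bytes) -> str:
    # Bind the signature to this exact order id and expiry time.
    msg = f"order:{order_id}:{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_order_link(order_id, ttl=7 * 86400, now=None, key=SECRET_KEY):
    """Build the query string placed in the confirmation email."""
    expires = int(time.time() if now is None else now) + ttl
    return f"id={order_id}&exp={expires}&sig={_sign(order_id, expires, key)}"


def get_order(order_id, exp, sig, now=None, key=SECRET_KEY):
    """Return the order only if the link authorizes access to this record."""
    try:
        order_id, exp = int(order_id), int(exp)
    except (TypeError, ValueError):
        return None  # malformed parameters
    expected = _sign(order_id, exp, key).encode()
    if not hmac.compare_digest(expected, str(sig).encode()):
        return None  # id or expiry changed, or signature guessed
    if (time.time() if now is None else now) > exp:
        return None  # link has expired
    return ORDERS.get(order_id)
```

Changing `id` from 1001 to 1002 while reusing the same `sig` returns nothing, which is the property the integer-versus-uuid question was trying to get from the id format alone.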

