>
> Doesn't require a UUID as the PK, just something unique and unpredictable
> for that piece of functionality, which could be derived/hashed from any
> static column(s).


Peter,
Are you saying that a uuid is inherently insecure?  I thought part of the
uuid was created randomly and for the purposes where I was using it felt
comfortable.  Maybe that sense was false.  Are you saying to hash something
else like the person's name and use that and it would be more secure?  Or
are you saying don't do anything like this at all?

--
Ryan LeTulle


On Fri, Jun 12, 2009 at 6:33 AM, Ryan Letulle <bayous...@gmail.com> wrote:

> Are you guys saying that I should force my client to require their client
> to create a user account?   Or am I missing something here in the semantics.
> Because I don't see another solution.
>
> BTW I am not talking about guarding Fort Knox here.
>
> --
> Ryan LeTulle
>
>
>
> On Fri, Jun 12, 2009 at 4:21 AM, Tom Chiverton <
> tom.chiver...@halliwells.com> wrote:
>
>>
>> On Friday 12 Jun 2009, Ryan Letulle wrote:
>> > An example would be for an emailed order confirmation with a link back to
>> > their order details. ... By using an
>> > integer it would be extremely easy for someone to view other order details
>> > but not so with a uuid.
>>
>> But surely your getOrderFromOrderId() method checks that the id number it is
>> given belongs to the currently logged in user... oh... ummm ?:-)
>>
>> --
>> Helping to paradigmatically seize B2B professional dot-com convergence as part
>> of the IT team of the year, '09 and '08
>>
>> Tom Chiverton
>> Developer
>> Tel: +44 0161 618 5032
>> Fax: +44 0161 618 5099
>> tom.chiver...@halliwells.com
>> 3 Hardman Square, Manchester, M3 3EB
>> www.Halliwells.com
>>

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323444
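
The "derived/hashed from any static column(s)" idea from the thread, sketched in Python as an added example that is not code from any poster: the link token is an HMAC over the order id and e-mail under a server-side key, so it cannot be recomputed from the columns alone. The key, the constructed sample orders, the `shop.example` URL and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret stored outside the database and the code.
LINK_KEY = secrets.token_bytes(32)

# Constructed sample data: order id -> (customer e-mail, order total).
ORDERS = {
    1001: ("alice@example.com", "42.50"),
    1002: ("bob@example.com", "17.00"),
}


def order_token(order_id: int, email: str, key: bytes = LINK_KEY) -> str:
    """Keyed hash (HMAC-SHA256) over static columns of the order."""
    msg = f"{order_id}|{email.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unkeyed_token(order_id: int, email: str) -> str:
    """Weak variant: a plain hash that anyone who knows the columns can rebuild."""
    return hashlib.sha256(f"{order_id}|{email.lower()}".encode()).hexdigest()


def confirmation_link(order_id: int) -> str:
    """Link to embed in the confirmation e-mail (hypothetical URL layout)."""
    email, _total = ORDERS[order_id]
    return f"https://shop.example/order?id={order_id}&t={order_token(order_id, email)}"


def get_order_from_link(order_id: int, token: str):
    """Return the order only when the token matches this exact order."""
    row = ORDERS.get(order_id)
    # Unknown ids still compute a token, so both failures take the same path.
    expected = order_token(order_id, row[0] if row else "")
    # compare_digest is constant-time; bytes avoid errors on non-ASCII input.
    ok = hmac.compare_digest(expected.encode(), token.encode())
    if row is None or not ok:
        return None
    return {"id": order_id, "email": row[0], "total": row[1]}


if __name__ == "__main__":
    print(confirmation_link(1001))
    print(get_order_from_link(1002, order_token(1001, "alice@example.com")))
```

A token for order 1001 does not open order 1002, and changing the integer in the link without the matching token returns nothing.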