On Fri, Jun 12, 2009 at 1:38 PM, Ryan Letulle wrote: > Are you saying that a uuid is inherently insecure?
Depends on how you use them. > I thought part of the > uuid was created randomly and for the purposes where I was using it felt > comfortable. Some UUIDs are random, some are completely predictable. The ones created with the CreateUUID() function are predictable. > Maybe that sense was false. Are you saying to hash something > else like the person's name and use that and it would be more secure? A primary key is just a primary key, it does not have any security semantics. Even when people know a primary key of a record your code should check whether the user is allowed to see that record. Every user has a username and password to authenticate the user, and you have some sort of permissions system to check whether the user has permissions to access a record. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323445 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4