OK, I guess. :) -- Ryan LeTulle
On Fri, Jun 12, 2009 at 7:01 AM, Jochem van Dieten <[email protected]>wrote: > > On Fri, Jun 12, 2009 at 1:38 PM, Ryan Letulle wrote: > > Are you saying that a uuid is inherently insecure? > > Depends on how you use them. > > > > I thought part of the > > uuid was created randomly and for the purposes where I was using it felt > > comfortable. > > Some UUIDs are random, some are completely predictable. The ones > created with the CreateUUID() function are predictable. > > > > Maybe that sense was false. Are you saying to hash something > > else like the person's name and use that and it would be more secure? > > A primary key is just a primary key, it does not have any security > semantics. Even when people know a primary key of a record your code > should check whether the user is allowed to see that record. > Every user has a username and password to authenticate the user, and > you have some sort of permissions system to check whether the user has > permissions to access a record. > > Jochem > > > -- > Jochem van Dieten > http://jochem.vandieten.net/ > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323446 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
