>Are you saying that a uuid is inherently insecure?

UUIDs are guaranteed to be unique, but not (afaik) to be unpredictable.

I don't know *how* predictable they might be, but for any secure string I 
wouldn't want to rely entirely on something with potentially knowable/guessable 
sources - I would want something derived from both secret information and data 
that is related to the original record.

So, I would most likely use some form of double salted hash that incorporates 
data that relates to that person - but not necessarily name, since that might 
be changeable.

Make sense? 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323447
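
An added illustration of the point in the message above (not code from the original post): a version-1 UUID carries its generation time and node ID in readable form, while a token built from a server-side secret plus a stable record ID cannot be recomputed without that secret. This sketch uses HMAC-SHA256 rather than the salted hash the post mentions; `SERVER_SECRET`, the record IDs and the sample node value are assumptions, and the page does not say which UUID version the poster's platform generates.

```python
import hashlib
import hmac
import secrets
import uuid

# Assumption: in production this secret comes from protected configuration.
SERVER_SECRET = secrets.token_bytes(32)


def sample_v1():
    """Constructed sample: a version-1 UUID with a fixed node and clock sequence."""
    return uuid.uuid1(node=0x001122334455, clock_seq=7)


def uuid1_fields(u):
    """Return the knowable inputs embedded in a version-1 UUID."""
    return {"timestamp": u.time, "clock_seq": u.clock_seq, "node": u.node}


def _mac(record_id, nonce, secret):
    # Bind the token to the record: a stable ID, not a changeable field like a name.
    msg = str(record_id).encode() + b"|" + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


def make_token(record_id, secret=SERVER_SECRET):
    """Token = random nonce + HMAC-SHA256(secret, record_id | nonce)."""
    nonce = secrets.token_bytes(16)
    return nonce.hex() + "." + _mac(record_id, nonce, secret).hex()


def verify_token(record_id, token, secret=SERVER_SECRET):
    """Recompute the MAC for this record and compare in constant time."""
    try:
        nonce_hex, tag_hex = token.split(".")
        nonce, tag = bytes.fromhex(nonce_hex), bytes.fromhex(tag_hex)
    except ValueError:
        return False  # malformed token
    return hmac.compare_digest(tag, _mac(record_id, nonce, secret))


if __name__ == "__main__":
    a, b = sample_v1(), sample_v1()
    print("v1 fields:", uuid1_fields(a))
    print("ticks between two v1 UUIDs:", b.time - a.time)
    token = make_token(1001)
    print("valid for 1001:", verify_token(1001, token))
    print("valid for 1002:", verify_token(1002, token))
```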