I use a combination of an id and a random hash value created by
uuid.uuid4().hex. This is in Python, but I'm sure there is something
equivalent in Java. The handler looks the entity up with the id, and
decides whether to serve it out by comparing the hash in the request and
the hash stored in the entity.

This is for relatively inconsequential stuff, i.e. no money involved.

For uuid4 see <http://docs.python.org/2/library/uuid.html>.

Pertti


On Mon, Feb 17, 2014 at 3:52 AM, timh <[email protected]> wrote:

> The numeric ids are sparsely generated unless you preallocate ranges, but
> they are in a finite range, so in theory someone can guess them.
>
> Maybe you should hash them (along with some other data) and provide that
> instead, then store the hash and use that to lookup the id.
>
> Alternately implement security (which in most cases is a better solution),
> such that no one can use other ids unless they have permission to.
>
> T
>
>
> On Monday, February 17, 2014 9:23:39 AM UTC+8, Pok wrote:
>>
>> I can't seem to find any documentation about auto generated numeric keys
>> on whether the values are guessable or not.  I want to use the key as an
>> order number to give to the user, so I need something that is not
>> guessable.
>>
>> I'm using JDO with these annotations in the primary key field
>>
>>
>> @PrimaryKey
>> @Persistent(valueStrategy = IdGeneratorStrategy.IDENTITY)
>> private Long id;
>>
>> On the development server, it seems like the keys are sequential, while
>> on the live server, it looks like the key is based on the timestamp of the
>> transaction.  Is there somewhere I can find more information on how these
>> keys are generated?  Or is there a better way to generate ids that are safe
>> to give out as order numbers?
>>
>
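
Added example, not part of the original thread: the id-plus-random-token check described in the reply above, sketched in Python with an in-memory dict standing in for the datastore. The function names, the URL shape and the use of `hmac.compare_digest` for the comparison are assumptions of this example.

```python
import hmac
import uuid

# Hypothetical in-memory stand-in for the datastore: numeric id -> entity.
_ORDERS = {}
_next_id = 1000  # constructed: sequential ids, as seen on the dev server


def create_order(item):
    """Store an order and return the (id, token) pair handed to the customer."""
    global _next_id
    order_id = _next_id
    _next_id += 1
    # uuid4() carries 122 random bits; CPython 3 draws them from os.urandom().
    token = uuid.uuid4().hex
    _ORDERS[order_id] = {"item": item, "token": token}
    return order_id, token


def fetch_order(order_id, token):
    """Return the order only if the token in the request matches the stored one."""
    entity = _ORDERS.get(order_id)
    # Compare against a dummy value when the id is unknown so that a missing id
    # and a wrong token take the same path and give the same answer.
    stored = entity["token"] if entity else "0" * 32
    ok = hmac.compare_digest(stored.encode(), str(token).encode())
    if entity is None or not ok:
        return None
    return entity["item"]


def order_url(order_id, token):
    """Constructed URL shape; the path and parameter name are assumptions."""
    return "/order/%d?t=%s" % (order_id, token)
```

Guessing a neighbouring numeric id gets nothing back without that order's own token, so the id can stay sequential while the token carries the unguessability.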
