My thought was if I used the mailbox id (e.g. 123), I get : 00000000-0000-0000-0000-000000000123
This could be OK but, for me, I actually have 4 AOX servers I have accounts on, so I would end up with the situation where I have identical UUIDs for different mailboxes on different servers and that breaks the concept of a UUID which should be universally unique. Since my mail client is asking for the UUID, it's likely it's using that in some way to synchronize messages, so is potentially risky to have collisions as the mail client can mess things up. There is also a theoretical security risk because using an easily derived number would allow a degree of predictability to work out other mailboxes uuid. I'm not sure if this could be made into a real risk or attack, but it is a more defensive programming approach to have something randomly and uniquely generated. That was my reasoning. I know it's less tidy to have a change which affects the database this way, but it still seemed a cleaner approach once the other options were considered and compared with it. Jim On 11/06/2016 21:02, Arnt Gulbrandsen wrote: > Hi, > > why did you use the UUID type and a column instead of constructing a > UUID at read time based on mailboxes.id and mailboxes.uidvalidity? > > Arnt >
