Tuesday, December 28, 2010

Re: Urgent Help needed: How to Correct this table so it doesn't have Composite Primary Key?

I would also add that it can be difficult to work with if you need to transpose or retype/re-enter the ids at any time. Having said all that, I think UUIDs have a definite place in an app.

Jeremy Burns
Class Outfit

jeremyburns@classoutfit.com
http://www.classoutfit.com

On 28 Dec 2010, at 20:59, Ryan Schmidt wrote:

>
> On Dec 28, 2010, at 04:39, Jeremy Burns | Class Outfit wrote:
>
>> I *think* the main benefit is obfuscation - if you want to hide the fact that I am only the third user, for example. It also makes it more difficult to guess the id belonging to another row in the table (for example, a table that stores company records).
>
> That's what I would think as well. Take for example Craig's List. Each ad has an auto-increment id, which appears in the email address that you use to respond to the ad, e.g. "sale-12345678 at craigslist dot org". I imagine they were getting a lot of spam under that system, since if you can see what one ad's id is, you can guess others. So now they insert a hash of some kind in addition to that id, e.g. "sale-m4m92-12345678 at craigslist dot org". Now even if you know the sequence of auto-increment ids they use, you can't guess the hash. If they were redesigning the system today, maybe they would omit the auto-increment id altogether and use only a hash (though it would have to be much longer than 5 characters to avoid collisions).
>
> Obfuscation shouldn't be your only security measure, but it can be a helpful additional step in some situations.
>
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups "CakePHP" group.
> To post to this group, send email to cake-php@googlegroups.com
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)