Instead of using sequential integers for IDs for my objects I was wondering if I could easily make it so that my IDs where longer auto- generated random strings/integers. So instead of: http://www.mydomain.com/user/view/1 Would be: http://www.mydomain.com/user/view/d81096b87a7c5565f On top of that... is there big benefits for security reasons to use non-sequential numbers? Is it worth it? Thanks :-) John K. http://www.kopanas.com ===================================================================== http://www.soen.info - source of the freshest software engineering information on the net http://cusec.soen.info - software engineering conference
on 2006-02-13 01:17
on 2006-02-13 01:42
On Feb 12, 2006, at 3:17 PM, John K. wrote: > On top of that... is there big benefits for security reasons to use > non-sequential numbers? Is it worth it? No, security through obscurity will just give you a false sense of security. -- -- Tom M.
on 2006-02-13 02:23
On Sunday, February 12, 2006, at 6:17 PM, John K. wrote: > >http://www.soen.info - source of the freshest software engineering >information on the net >http://cusec.soen.info - software engineering conference > > >_______________________________________________ >Rails mailing list >email@example.com >http://lists.rubyonrails.org/mailman/listinfo/rails You can add an extra column to your table and generate random unique id (unique secondary key). We used this approach to display order pages on http://www.palmsphere.com Best Regards, Roustem.