Using Random Longer Non-Sequential IDs


#1

Instead of using sequential integers for IDs for my objects I was
wondering if I could easily make it so that my IDs where longer auto-
generated random strings/integers.

So instead of:
http://www.mydomain.com/user/view/1

Would be:

http://www.mydomain.com/user/view/d81096b87a7c5565f

On top of that… is there big benefits for security reasons to use
non-sequential numbers? Is it worth it?

Thanks :slight_smile:

John K.
http://www.kopanas.com

=====================================================================
http://www.soen.info - source of the freshest software engineering
information on the net
http://cusec.soen.info - software engineering conference


#2

On Feb 12, 2006, at 3:17 PM, John K. wrote:

On top of that… is there big benefits for security reasons to use
non-sequential numbers? Is it worth it?

No, security through obscurity will just give you a false sense of
security.

–
– Tom M.


#3

On Sunday, February 12, 2006, at 6:17 PM, John K. wrote:

http://www.soen.info - source of the freshest software engineering
information on the net
http://cusec.soen.info - software engineering conference


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

You can add an extra column to your table and generate random unique id
(unique secondary key). We used this approach to display order pages on
http://www.palmsphere.com

Best Regards, Roustem.