Suggestion regarding MySql ID column - Rails -

-

in rails app, instead of creating default mysql/postgres id columns integers, easy guess next number while hitting routes, best way generate id column ( alphanumeric may be?) going hard guess.

i did research on creating uuid's, option? or, there other options?

how generating epoch timestamps , storing them id's on before_save callback each time ?

usings uuid's cover database ids example of security obscurity.

"system security should not depend on secrecy of implementation or components." - national institute of standards , technology

consider cases attacker use knowledge of primary key attack system - sql injection (you're screwed anyways), , brute force attacks. should have better guards in place.

that being said there valid use cases using uuid's - main 1 being distributed databases using sequential auto increment columns prone race conditions.

if have several "write" replications extensive steps have taken make sure id's in sync , problems can occur if records inserted simultaneously in different databases.

when generating unique id hashing algorithm low chance of collision should used. sha-1 algorithm recommended rfc4122. earlier standards used scheme generating computer mac address combined timestamp not deemed opaque enough 1.

mongodb uses 8 bit object id identifiers default - ties in fact built replicate. mongodb uses following construct object ids:

  • a 4-byte value representing seconds since unix epoch,
  • a 3-byte machine identifier,
  • a 2-byte process id, and
  • a 3-byte counter, starting random value.

note these generated database - not web server utilising database.

there several esoteric algorithms designed have high uniqueness without cost of designated password hashing algorithm such blowfish.

conclusion:

use uuid's if can foresee have scaling problem requires database duplication.

whatever algorithm use strong enough avoid pigeonhole problems - should not roll own - problem has been extensively researched , there solutions many man hours behind them available free.

the security gains marginal @ best.


Comments

Post a Comment

Popular posts from this blog

matlab - error with cyclic autocorrelation function -

-
Image
i'm trying code cyclic autocorrelation function in matlab follows: t=0:(n-1); t=t*te; i_alpha=0; tau=-n2*te:te:n2*te; alpha=-1/2:1/n:1/2; ryy_cl=zeros(length(alpha),length(tau)); alpha=alpha/te ind_tau=0; i_alpha=i_alpha+1; k=tau ind_tau=ind_tau+1; if k>0 % ryy_cl(i_alpha,ind_tau)=1/length(sig_bin_syl_mod(1:end- k))*sum((sig_bin_syl_mod(1:end-k)).*sig_bin_syl_mod(k+1:end)).*exp(1i*2*pi*alpha*t(1+k:length(sig_bin_syl_mod(1:end)))); ryy_cl(i_alpha,ind_tau)=(1/n)*sum((sig_bin_syl_mod(1:end-k)).*sig_bin_syl_mod(k+1:end)).*exp(-1i*2*pi*alpha*t(1:end-k)); else ryy_cl(i_alpha,ind_tau)=(1/n)*sum((sig_bin_syl_mod(1-k:end)).*sig_bin_syl_mod(1:end+k)).*exp(-1i*2*pi*alpha*t(1-k:end)); end end end i'm getting errors, , doesn't show expecting. according below formulae, how can fix it? the code provided incomplete, difficult confidently reproduce error. in particular, haven't de...
Read more

django - (fields.E300) Field defines a relation with model 'AbstractEmailUser' which is either not installed, or is abstract -

-
i trying create customuser django project email username , add radio button truck , company. in registration process email-id registered per truck or company. mentioned radio button 'tag' , add manytomany field tag in emailuser model. when makemigrations, raising error : (fields.e300) field defines relation model 'abstractemailuser' either not installed, or abstract. i quite new django , not sure whether have created correct code wants. please me solving this. here code, models.py: import django django.contrib.auth.models import ( abstractbaseuser, baseusermanager, permissionsmixin) django.core.mail import send_mail django.db import models django.utils import timezone django.utils.translation import ugettext_lazy _ class emailusermanager(baseusermanager): """custom manager emailuser.""" def _create_user(self, email, password, is_staff, is_superuser, **extra_fields): """create , save emailus...
Read more

c# - What is a good .Net RefEdit control to use with ExcelDna? -

-
i using exceldna , c# build suite of tools. part of forms i'd want user select cells/ranges workbook. i've got application.inputbox route working...but doesn't cool... i haven't read many things excel's refedit control, , see many have in past written workarounds, in (shudder) vba or vb.net. however, none of these seem recent... best approach/control refedit functionality on form run via exceldna (if applicable)? the refedit sample project of github explores different ways of dealing threading when showing form excel add-in, main issue making refedit control .net add-in. check page links various other implementations: https://github.com/excel-dna/exceldna/wiki/links-about-refedit
Read more