Suggestion regarding MySql ID column - Rails -

-

in rails app, instead of creating default mysql/postgres id columns integers, easy guess next number while hitting routes, best way generate id column ( alphanumeric may be?) going hard guess.

i did research on creating uuid's, option? or, there other options?

how generating epoch timestamps , storing them id's on before_save callback each time ?

usings uuid's cover database ids example of security obscurity.

"system security should not depend on secrecy of implementation or components." - national institute of standards , technology

consider cases attacker use knowledge of primary key attack system - sql injection (you're screwed anyways), , brute force attacks. should have better guards in place.

that being said there valid use cases using uuid's - main 1 being distributed databases using sequential auto increment columns prone race conditions.

if have several "write" replications extensive steps have taken make sure id's in sync , problems can occur if records inserted simultaneously in different databases.

when generating unique id hashing algorithm low chance of collision should used. sha-1 algorithm recommended rfc4122. earlier standards used scheme generating computer mac address combined timestamp not deemed opaque enough 1.

mongodb uses 8 bit object id identifiers default - ties in fact built replicate. mongodb uses following construct object ids:

  • a 4-byte value representing seconds since unix epoch,
  • a 3-byte machine identifier,
  • a 2-byte process id, and
  • a 3-byte counter, starting random value.

note these generated database - not web server utilising database.

there several esoteric algorithms designed have high uniqueness without cost of designated password hashing algorithm such blowfish.

conclusion:

use uuid's if can foresee have scaling problem requires database duplication.

whatever algorithm use strong enough avoid pigeonhole problems - should not roll own - problem has been extensively researched , there solutions many man hours behind them available free.

the security gains marginal @ best.


Comments

Post a Comment

Popular posts from this blog

java - Static nested class instance -

-
this question has answer here: java inner class , static nested class 23 answers i came across in java, know static nested class why create instance of 'static'. isn't whole idea of 'static' use without instance? understand concept of inner classes, why (and frankly how possible to) create 'instance' of 'static' member @ ? why this: 1- outerclass.staticnestedclass nestedobject = new outerclass.staticnestedclass(); 2- nestedobject.anestedclassmethod(); and not this: 1- outerclass outerinstance=new outerclass(); 2- outerinstance.staticnestedclass.anestedclassmethod(); use on inner classes, keyword static indicates can access inner class without instance of outer class. for example: public class outer { public static class inner { /* code here. */ } } with construction, can create instance of inn
Read more

c# - Bluetooth LE CanUpdate Characteristic property -

-
i building xamarin.forms cross platform mobile app, uses monkey.robotics bluetoth low energy functionality. connecting mbed based implimentation of custom gatt service . in xamarin c#, triggers characteristic. canupdate property in monkey.robotics? this standard example c# based on: if (characteristic.canupdate) { characteristic.valueupdated += (s, e) => { debug.writeline("characteristic.valueupdated"); device.begininvokeonmainthread( () => { updatedisplay(characteristic); }); isbusy = false; // spin until first result received }; isbusy = true; characteristic.startupdates(); } this has been working, since changed own custom gatt service connecting to, canupdate property false. property , how triggered? me debugging gatt service code. thanks monkey.robotics open sour
Read more

JavaScript - Replace variable from string in all occurrences -

-
ok, know if have character '-' , want remove in places in string javascript, ... someword = someword.replace(/-/g, ''); but, when applying array of characters, s not working ... const badchars = ('\/:*?"<>|').split(''); let filename = title.replace(/ /g, '-').tolocalelowercase(); (let item = 0; item < badchars.length; item++) { // below not work global '/ /g' filename = filename.replace(/badchars[item]/g, ''); } any ideas? /badchars[item]/g looks badchars , literally, followed i , t , e , or m . if you're trying use character badchars[item] , you'll need use regexp constructor, , you'll need escape regex-specific characters. escaping regular expression has been well-covered . using that: filename = filename.replace(new regexp(regexp.quote(badchars[item]), 'g'), ''); but , don't want that. want character class: let filename = title.replac
Read more