| From: | "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net> |
|---|---|
| To: | Steve Midgley <public(at)misuse(dot)org> |
| Cc: | lance(at)uiuc(dot)edu, pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Create on insert a unique random number |
| Date: | 2008-03-18 19:36:13 |
| Message-ID: | 20080318153613.364cf08d.darcy@druid.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Tue, 18 Mar 2008 12:23:35 -0700
Steve Midgley <public(at)misuse(dot)org> wrote:
> 1) Create a second field (as someone recommend on this list) that is an
> MD5 of your primary key. Use that as your "accessor" index from the web
I strongly disagree for three reasons. First, if you are going to
generate a key then don't store it. Just generate it every time.
Second, don't generate it based on a known field. You may think that
it is secure but what if you private key is compromised? Do you then
change everyone's security code? Third, what if one person's
code is compromised? If it is based on a calculation then you
can't change that one person's security code.
Generate a random number and store that. You will be much happier when
something goes wrong and something always goes wrong.
--
D'Arcy J.M. Cain <darcy(at)druid(dot)net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yusnel Rojas García | 2008-03-18 19:45:03 | pg_dump using SQL |
| Previous Message | D'Arcy J.M. Cain | 2008-03-18 19:24:14 | Re: Create on insert a unique random number |