Re: Suggested improvement : Adjust SEQUENCES to accept an INCREMENT of functionname(parameters) instead of an integer

At 12:10 PM 6/22/01 +1000, Justin Clift wrote:
>Hi all,
>
>Am doing some work with sequences at the moment, and I'm finding it would be
>useful to have sequences which use an increment amount decided by a function
>call, instead of just a straight integer amount (as we presently do).
>
>For my example, I'd use this to add random positive increments (specifically
>to avoid easy predictability of the sequence), but it would be quite
flexible.

To avoid predictability I usually prefer to have a sequence number and
prepend/append a random number (generated from /dev/urandom or some other
source of entropy).

e.g.
<bookingnumber>=<sequencenumber><random fixed X digit number>

So in order to generate a valid booking number the attacker must get BOTH
correct. For low security stuff like taxi/ticket booking numbers X=3 is
probably good enough, but adding more is no problem.

For web app session IDs I use <longrandomstring>.<sequencenumber>.

That way queries can use the index:
e.g.
select stuff from sessiontable where seqnum=<sequencenumber> and
seqstr=<longrandomstring>.

Given your example, I don't really see why you would need what you want.
Nor does it seem a better solution.

If SEQUENCES are going to be changed, I'd rather prefer to have an option
to use int8 sequences. But I believe at the moment there are other issues
in postgresql that have to be fixed first before int4 sequences become a
limiting factor/issue.

Regards,
Link.