From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
---|---|
To: | Justin Clift <aa2(at)bigpond(dot)net(dot)au>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Suggested improvement : Adjust SEQUENCES to accept an INCREMENT of functionname(parameters) instead of an integer |
Date: | 2001-06-28 16:01:44 |
Message-ID: | 3.0.5.32.20010629000144.015f3bf0@192.228.128.13 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
At 12:10 PM 6/22/01 +1000, Justin Clift wrote:
>Hi all,
>
>Am doing some work with sequences at the moment, and I'm finding it would be
>useful to have sequences which use an increment amount decided by a function
>call, instead of just a straight integer amount (as we presently do).
>
>For my example, I'd use this to add random positive increments (specifically
>to avoid easy predictability of the sequence), but it would be quite
flexible.
To avoid predictability I usually prefer to have a sequence number and
prepend/append a random number (generated from /dev/urandom or some other
source of entropy).
e.g.
<bookingnumber>=<sequencenumber><random fixed X digit number>
So in order to generate a valid booking number the attacker must get BOTH
correct. For low security stuff like taxi/ticket booking numbers X=3 is
probably good enough, but adding more is no problem.
For web app session IDs I use <longrandomstring>.<sequencenumber>.
That way queries can use the index:
e.g.
select stuff from sessiontable where seqnum=<sequencenumber> and
seqstr=<longrandomstring>.
Given your example, I don't really see why you would need what you want.
Nor does it seem a better solution.
If SEQUENCES are going to be changed, I'd rather prefer to have an option
to use int8 sequences. But I believe at the moment there are other issues
in postgresql that have to be fixed first before int4 sequences become a
limiting factor/issue.
Regards,
Link.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2001-06-28 16:19:17 | Repeated messages (was Re: Suggested improvement : Adjust SEQUENCES) |
Previous Message | Calvin Dodge | 2001-06-28 15:54:29 | Re: useability of apache, PHP, Postgres for real business apps |