| From: | Greg Stark <gsstark(at)mit(dot)edu> |
|---|---|
| To: | "D(dot) Dante Lorenso" <dante(at)lorenso(dot)com> |
| Cc: | "Keith C(dot) Perry" <netadmin(at)vcsn(dot)com>, Greg Stark <gsstark(at)mit(dot)edu>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Drawbacks of using BYTEA for PK? |
| Date: | 2004-01-13 05:24:33 |
| Message-ID: | 87r7y4qv3i.fsf@stark.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"D. Dante Lorenso" <dante(at)lorenso(dot)com> writes:
> Maybe a better example of my problem is with records throughout the system
> like invoices, customer data, etc... If any of these items use a sequence
> and that sequence is global to the table in the database and the number is
> exposed externally, then it is possible to infer the success of the company
> underneath, is it not?
Except that's exactly the way business has always been done. Though people
usually start new accounts with check# 50000 or something like that for
precisely that reason. But it's still pretty transparent, and they don't
really worry about it too much.
What you're saying is fundamentally valid, but I tend to think these kinds of
concerns are just generically overblown.
My only comment was that just taking an MD5 of the sequence gives you no
security. At the very least you have to include a secret. Even then I suspect
there are further subtle cryptographic issues. There always are.
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Ochs | 2004-01-13 05:47:13 | Re: sql insert function |
| Previous Message | Tom Lane | 2004-01-13 04:56:27 | Re: Column qualifier issue |