List:General Discussion« Previous MessageNext Message »
From:Reindl Harald Date:March 10 2011 9:06pm
Subject:Re: How to protect primary key value on a web page?
View as plain text  

Am 10.03.2011 21:56, schrieb Claudio Nanni:
> On Mar 10, 2011 9:23 PM, "Reindl Harald" <h.reindl@stripped> wrote:

>>> So hashing or encrypting the id column will make the id's non-contiguous
> and impossible to guess.
>>
>> sorry but this is foolish
>> leave the id in peace and add a colum with some checksum
> 
> Wordpress guys are also foolish?

of course they are
look at their awful code
you will not really tell me that quality looks like wordpress?

> And what's the difference between passing in a GET an encrypted Id or
> passing another column with a checksum deriving from the Id?

what exactly do you not understand?

fecth the record by its primary key is pretty fast
decide the data-output by a checksum which is independent
to the key

how will you do this any other way?
you can not use hash functions because you can not revert them for
fetch the record, so you have to use obfusction you can revert to
the key and if you can do this anybody will sooner or later




Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
Thread
How to protect primary key value on a web page?mos10 Mar
  • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
    • Re: How to protect primary key value on a web page?mos10 Mar
      • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
        • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
          • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
      • Re: How to protect primary key value on a web page?Claudio Nanni10 Mar
      • Re: How to protect primary key value on a web page?Mark Kelly10 Mar
  • Re: How to protect primary key value on a web page?Reindl Harald10 Mar
    • Re: How to protect primary key value on a web page?Mike Diehl10 Mar
  • Re: How to protect primary key value on a web page?MySQL)10 Mar