Am 10.03.2011 21:56, schrieb Claudio Nanni:
> On Mar 10, 2011 9:23 PM, "Reindl Harald" <h.reindl@stripped> wrote:
>>> So hashing or encrypting the id column will make the id's non-contiguous
> and impossible to guess.
>> sorry but this is foolish
>> leave the id in peace and add a colum with some checksum
> Wordpress guys are also foolish?
of course they are
look at their awful code
you will not really tell me that quality looks like wordpress?
> And what's the difference between passing in a GET an encrypted Id or
> passing another column with a checksum deriving from the Id?
what exactly do you not understand?
fecth the record by its primary key is pretty fast
decide the data-output by a checksum which is independent
to the key
how will you do this any other way?
you can not use hash functions because you can not revert them for
fetch the record, so you have to use obfusction you can revert to
the key and if you can do this anybody will sooner or later
Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc