| From: | Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Antimon <antimon(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Generating unique session ids |
| Date: | 2006-07-27 08:08:48 |
| Message-ID: | 20060727080847.GA15258@batory.org.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, 26 Jul 2006, Tom Lane wrote:
> "Antimon" <antimon(at)gmail(dot)com> writes:
> > As the id field is primary key, it should generate a unique violation
> > if duplicate ids created, might be seen rarely but wanted to solve it
> > anyway.
>
> Why don't you just use a serial generator?
If I may interrupt:
Session id's for web cannot be predictable because this will create a
security hole in application. md5(random()) is also a bad choise -
very much predictable.
Mr Antimon would definately better use another way of generating
session ID's - for example PHP sessions and session_id(). He can also
use system entropy source like /dev/urandom on POSIX systems.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shoaib Mir | 2006-07-27 08:12:03 | Re: Database corruption with Postgre 7.4.2 on FreeBSD 6.1? |
| Previous Message | Tom Lane | 2006-07-27 05:24:22 | Re: Understanding VARHDRSZ |