| From: | Lexington Luthor <Lexington(dot)Luthor(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Generating unique session ids |
| Date: | 2006-07-27 09:30:25 |
| Message-ID: | eaa13o$b5b$1@sea.gmane.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tomasz Ostrowski wrote:
> On Wed, 26 Jul 2006, Tom Lane wrote:
>
>> "Antimon" <antimon(at)gmail(dot)com> writes:
>>> As the id field is primary key, it should generate a unique violation
>>> if duplicate ids created, might be seen rarely but wanted to solve it
>>> anyway.
>> Why don't you just use a serial generator?
>
> If I may interrupt:
> Session id's for web cannot be predictable because this will create a
> security hole in application. md5(random()) is also a bad choise -
> very much predictable.
>
> Mr Antimon would definately better use another way of generating
> session ID's - for example PHP sessions and session_id(). He can also
> use system entropy source like /dev/urandom on POSIX systems.
>
> Regards
> Tometzky
Using a sequence does not mean it will be predictable.
In the past I have used something similar to this:
SELECT md5('secret_salt' || nextval('my_seq')::text)
Regards,
LL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karsten Hilbert | 2006-07-27 11:02:30 | Re: Mapping/DB Migration tool |
| Previous Message | Shoaib Mir | 2006-07-27 08:12:03 | Re: Database corruption with Postgre 7.4.2 on FreeBSD 6.1? |