Bernardo de Barros Franco writes:
> Hello, I was wondering if noone can help me maybe someone could at least
> give me some directions where to look for info or where to ask:
> I wanted to index a table by a random key.
As others have pointed out, making a unique random primary key is
tough. What I do for my cookie on my web based login system is have
two fields in my database, one's the "id SERIAL", the other is a
"magiccookie CHAR(16)" which I populate with 16 random characters on
the initial insert.
My cookie is then of the format "id/magiccookie". In my login
verification code I split on the "/" character and query on "WHERE
id=$id AND magiccookie=$magiccooke". Even though the "id" field is
encoded in the cookie in plain text a cracker can't just guess at the
user id number because that 16 character magiccookie needs to match as
well.
This also lets me be pretty loose about the id information, I can use
it in other public places, because only the magiccookie needs to be
restricted to being known by the logged in user.
Dan
