Home > mailing lists

Re: Generating unique session ids - Mailing list pgsql-general

From	Tomasz Ostrowski
Subject	Re: Generating unique session ids
Date	July 27, 2006 08:09:04
Msg-id	20060727080847.GA15258@batory.org.pl Whole thread Raw
In response to	Re: Generating unique session ids (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Generating unique session ids (Lexington Luthor <Lexington.Luthor@gmail.com>)
List	pgsql-general

Tree view

On Wed, 26 Jul 2006, Tom Lane wrote:

> "Antimon" <antimon@gmail.com> writes:
> > As the id field is primary key, it should generate a unique violation
> > if duplicate ids created, might be seen rarely but wanted to solve it
> > anyway.
>
> Why don't you just use a serial generator?

If I may interrupt:
Session id's for web cannot be predictable because this will create a
security hole in application. md5(random()) is also a bad choise -
very much predictable.

Mr Antimon would definately better use another way of generating
session ID's - for example PHP sessions and session_id(). He can also
use system entropy source like /dev/urandom on POSIX systems.

Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
                                                      Winnie the Pooh

pgsql-general by date:

From: Tom Lane
Date: 27 July 2006, 05:24:34
Subject: Re: Understanding VARHDRSZ

From: "Shoaib Mir"
Date: 27 July 2006, 08:12:42
Subject: Re: Database corruption with Postgre 7.4.2 on FreeBSD 6.1?

Re: Generating unique session ids - Mailing list pgsql-general

Previous

Next