Re: Random Unique Integer - Mailing list pgsql-sql

From Kristo Kaiv
Subject Re: Random Unique Integer
Date
Msg-id 42F997D8-E95C-41F0-A94B-0417131BCDF9@skype.net
Whole thread Raw
In response to Re: Random Unique Integer  ("Campbell, Lance" <lance@uiuc.edu>)
List pgsql-sql
On 14.06.2007, at 22:40, Campbell, Lance wrote:

> I have a web application that is used to create web surveys and web
> forms.  Users can create any number of surveys or forms at any time.
> The primary key on one of my tables defines the ID for any given  
> form or
> survey.  I do NOT want the number sequential.  Since I use the  
> number in
> the web URL as a parameter, I don't want people guessing what  
> survey or
> form is next.  By creating a very large random number the users cannot
> easily guess another form or survey's ID.  This number is not designed
> for security but to keep people from being nosey and poking around
> easily into someone else's form or survey.
>
> Can a table have a primary key that is randomly generated?

you could do it like this:

test=# create table testsurvey (id_survey serial primary key, survey  
text);
NOTICE:  CREATE TABLE will create implicit sequence  
"testsurvey_id_survey_seq" for serial column "testsurvey.id_survey"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index  
"testsurvey_pkey" for table "testsurvey"
CREATE TABLE

test=# insert into testsurvey (survey) values ('first');
INSERT 0 1
test=# insert into testsurvey (survey) values ('second');
INSERT 0 1
test=# insert into testsurvey (survey) values ('third');
INSERT 0 1

test=# select *, md5(id_survey) from testsurvey;
id_survey | survey |               md5
-----------+--------+----------------------------------         1 | first  | c4ca4238a0b923820dcc509a6f75849b         2
|second | c81e728d9d4c2f636f067f89cc14862c         3 | third  | eccbc87e4b5ce2fe28308fd9f2a7baf3
 
(3 rows)

so you actually show out only the PK id-s md5 hash

test=# create index idx_survey_md5 on testsurvey (md5(id_survey));
CREATE INDEX

test=# select * from testsurvey where md5(id_survey) =  
'c81e728d9d4c2f636f067f89cc14862c';
id_survey | survey
-----------+--------         2 | second

The hashing algorithm you chose depends on the amount of rows you  
expect there.
And also how difficult cracking it needs to be.

In case you have many rows and you think collision checking is  
necessary you could
store the calculated hash in a new column. for replication management  
purposes
its better to keep the PK as serial / bigserial.

Example: 100K surveys,
hashtext(id) : 4B int
100 000 / 256 ** 4 = 42949 (1:42949 chance that the next number will  
lead to a valid survey entry)
keep the hashed pk value in a separate row as you will deplete  
1/42949-th of the hash space with 100K rows

peace,
Kristo






pgsql-sql by date:

Previous
From: "Campbell, Lance"
Date:
Subject: Re: Random Unique Integer
Next
From:
Date:
Subject: Re: Organization of tables