Timeline for Protecting against malicious duplicate IDs in a distributed environment
Current License: CC BY-SA 4.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 25, 2024 at 8:16 | comment | added | Basilevs | @Philippe yes, but rawid should be verified to be locally unique | |
| Apr 25, 2024 at 6:49 | comment | added | Philippe | just for completeness, what i described in my previous comment is basically a UUIDv5 | |
| Apr 24, 2024 at 17:29 | comment | added | Philippe |
@Basilevs you mean id = hash(prefix + rawid)? Where rawid might be a uuid v4 or whatever. That would probably work. Only downside is you lose some controll over the resulting id, but still a nice solution.
|
|
| Apr 24, 2024 at 16:38 | comment | added | candied_orange | Also, don't assume all 1 to 1 relationships stay that way without enforcement. | |
| Apr 24, 2024 at 16:37 | comment | added | candied_orange | @Basilevs true. | |
| Apr 24, 2024 at 16:35 | comment | added | Basilevs | @Philippe hash prefixed local UID and you get global UID without leakage. | |
| Apr 24, 2024 at 16:30 | comment | added | candied_orange | @Philippe to be exact. We don't care which web address, or host we're talking to. We care which context. Ya know, the thing picking IDs. Indirections between those can certainly mess this up. Within a context the ID counter must obey the Highlander rule: there can be only one. | |
| Apr 24, 2024 at 15:58 | vote | accept | Philippe | ||
| Apr 24, 2024 at 15:57 | comment | added | Philippe | I agree from an implementation/client perspective most of the time a prefix is implicitly already obvious. Only when entities from multiple services or local and non-local entities are handled at the same time, does the process really need to be aware of a prefix. And also there probably really is no simple solution to this problem, if the complexity is required. | |
| Apr 24, 2024 at 15:04 | history | edited | candied_orange | CC BY-SA 4.0 |
added 3 characters in body
|
| Apr 24, 2024 at 13:20 | history | edited | candied_orange | CC BY-SA 4.0 |
added 112 characters in body
|
| Apr 24, 2024 at 12:27 | history | edited | candied_orange | CC BY-SA 4.0 |
added 16 characters in body
|
| Apr 24, 2024 at 12:21 | history | edited | candied_orange | CC BY-SA 4.0 |
deleted 1 character in body
|
| Apr 24, 2024 at 12:14 | history | answered | candied_orange | CC BY-SA 4.0 |