[geeklog-devel] Re: Autoincrement on Items
Tony Bibbs
tony at tonybibbs.com
Thu Jan 27 22:10:29 EST 2005

So you're saying to keep the 'security by obscurity' we get by using the
sids? Sounds good, only gripe is what do you do if you are running
Geeklog-2 under more than one webserver?

This is a great question though. Do you depend a bit on obscurity or
depend on your code to do the appropriate security checking? If we want
to stick with some obscurity, is there something besides timestamps we
could do it with?

FYI, I moved this to the -devel list.

--Tony

Vincent Furia wrote:
>Tony,
>
>Just was thinking about one concern about allowing visibility
>to/access by the auto increment column of the item table. Currently
>in Geeklog with the pseudo random story ids or manually set ids there
>is no chance of a person knowing that another item exists that they
>might have access to.
>
>But if you can see item ids in Gl2 (auto incrementing), and they can
>see story 5 and link 7 they know that there must be (or have been at
>some point) an item 6.
>
>Just something to keep in mind. Especially if we want Gl2 to have the same
>reputation as 1.x.
>
>-Vinny
>
>
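
An added example (not part of the thread and not Geeklog code) of the two options discussed above: a permission check that answers identically for missing and forbidden items, and a random public id that needs neither timestamps nor coordination between webservers. The item data, the `readers` and `public_id` fields and all function names are hypothetical.

```php
<?php
// Hypothetical helper: 128 bits from the OS CSPRNG. No timestamp and no
// shared counter, so several webservers can mint ids independently.
function new_public_id(): string
{
    return bin2hex(random_bytes(16));
}

// Constructed sample data keyed by auto-increment id (not Geeklog-2's schema).
function seed_items(): array
{
    $rows = [
        5 => ['type' => 'story', 'readers' => ['alice', 'bob']],
        6 => ['type' => 'story', 'readers' => ['alice']],
        7 => ['type' => 'link',  'readers' => ['alice', 'bob']],
    ];
    foreach ($rows as $id => $row) {
        $rows[$id]['public_id'] = new_public_id();
    }
    return $rows;
}

// Leaky: "exists but forbidden" (403) is distinguishable from "no such item" (404).
function fetch_leaky(array $items, int $id, string $user): int
{
    if (!isset($items[$id])) {
        return 404;
    }
    return in_array($user, $items[$id]['readers'], true) ? 200 : 403;
}

// Uniform: the permission check is the control, and both failures look the same.
function fetch_uniform(array $items, int $id, string $user): int
{
    $item = $items[$id] ?? null;
    if ($item === null || !in_array($user, $item['readers'], true)) {
        return 404;
    }
    return 200;
}

$items = seed_items();
foreach ([5, 6, 7, 8] as $id) {
    printf("id %d  leaky=%d  uniform=%d\n", $id,
        fetch_leaky($items, $id, 'bob'), fetch_uniform($items, $id, 'bob'));
}
// Exposing these instead of 5, 6, 7 removes the visible gap in the sequence.
printf("public ids:\n  %s\n", implode("\n  ", array_column($items, 'public_id')));
```

The uniform response alone does not hide the gap between 5 and 7; that inference only goes away when the id shown to users is the random one.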