[geeklog-devel] Re: Autoincrement on Items

Tony Bibbs tony at tonybibbs.com
Thu Jan 27 22:10:29 EST 2005


So you're saying to keep the 'security by obscurity' we get by using the 
sids?  Sounds good, only gripe is what do you do if you are running 
Geeklog-2 under more than one webserver?  

This is a great question though. Do you depend a bit on obscurity or 
depend on your code to do the appropriate security checking?  If we want 
to stick with some obscurity, is there something besides timestamps we 
could do it with?

FYI, I moved this to the -devel list

--Tony

Vincent Furia wrote:

>Tony,
>
>Just was thinking about one concern about allowing visibility
>to/access by the auto increment column of the item table.  Currently
>in Geeklog with the pseudo random story ids or manually set ids there
>is no chance of a person knowing that another item exists that they
>might have access to.
>
>But if you can see item ids in Gl2 (auto incrementing), and they can
>see story 5 and link 7 they know that there must be (or have been at
>some point) an item 6.
>
>Just something to keep in mind.  Especially if we want Gl2 to have the same
>reputation as 1.x.
>
>-Vinny
>  
>
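
An added example, not part of the original thread and not Geeklog code: a Python sketch of the trade-off discussed above. The hypothetical `ItemStore` keeps the auto-increment key internal, hands out a random public id that needs no timestamp or cross-server coordination, and still relies on a permission check in code. All names here are assumptions.

```python
import secrets


class ItemStore:
    """Toy item table: sequential internal key, random public id."""

    def __init__(self):
        self._next_pk = 1   # auto-increment key, never shown to users
        self._rows = {}     # public_id -> row

    def add(self, title, readers):
        # 128 bits from the OS CSPRNG: no timestamp and no shared counter,
        # so several webservers can mint ids independently.
        public_id = secrets.token_hex(16)
        self._rows[public_id] = {"pk": self._next_pk, "title": title,
                                 "readers": set(readers)}
        self._next_pk += 1
        return public_id

    def fetch(self, public_id, user):
        # The permission check is the real control. "Missing" and "forbidden"
        # give the same answer, so a response never confirms an item exists.
        row = self._rows.get(public_id)
        if row is None or user not in row["readers"]:
            return None
        return row["title"]


def hidden_sequential_ids(visible_ids):
    """Ids a user can infer exist (or existed) from gaps in visible ones."""
    lo, hi = min(visible_ids), max(visible_ids)
    return sorted(set(range(lo, hi + 1)) - set(visible_ids))


def demo():
    store = ItemStore()
    story = store.add("story", readers={"alice", "bob"})
    draft = store.add("private draft", readers={"alice"})
    link = store.add("link", readers={"alice", "bob"})
    return {
        "inferred_from_5_and_7": hidden_sequential_ids([5, 7]),
        "bob_reads_story": store.fetch(story, "bob"),
        "bob_reads_draft": store.fetch(draft, "bob"),
        "bob_guesses": store.fetch("0" * 32, "bob"),
        "ids_distinct": len({story, draft, link}) == 3,
    }


if __name__ == "__main__":
    print(demo())
```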



