Unique Identifiers

I’ve been on this ‘unique identifiers’ kick for URL-passed variables, so instead of using something like mypage.cfm?id=2, it’s now mypage.cfm?id=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx. Now I’m not sure if this is going to come back and haunt me, but I believe that unique identifiers mean just that: given the space and time, there will be no other moment than now, and thus no other identifier. Rather than encrypting the URL variables, which I would try to do on a public site, this is what I’m working with on a private, members-based system. I just want people to not be able to figure out that they just have to up the id by 1 to get someone else’s stuff. It’s relatively easy to do; most programming languages and database languages have a function to create a UUID. ColdFusion, for example, has createUUID().

The interesting thing about the UUID is that there are a few different standards. I found this issue the hard way. Not because I didn’t know it, but because I didn’t remember that I’d just run a quick SQL-based update of the MySQL version of the create UUID. Of course this ran fine for weeks, until I ran across a code issue. I was trying to pull some info from the database using my UUIDs, and the query wasn’t coming back correctly. So I took it apart piece by piece, made sure it was working, and then added some checks in to make sure my UUID was actually a UUID. Lo and behold, my UUID was not validating with isValid("uuid", myvariable). So that’s when I remembered that it is important to check for ColdFusion or other UUIDs. There is also the createGUID() function and isValid("guid", myvariable), which could have saved me time in regenerating all the UUIDs that were incorrect. Alas, since I had already added the createUUID function in other parts of my code, I didn’t want to go changing everything again.

To sum up:

ColdFusion UUID:
xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx (8-4-4-16)

ColdFusion GUID:
xxxxxxxx-xxxx-xxxx-xxxxxx-xxxxxxxxxx (8-4-4-6-10)
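
An added example (not the author's code): MySQL's UUID() returns the 8-4-4-4-12 layout, which is why values generated there do not match the 8-4-4-16 layout of createUUID(). The sketch below classifies an incoming id by layout, converts the MySQL form to the ColdFusion form without regenerating it, and rejects anything else before it reaches a query. The function names idLayout and toCfUuid are hypothetical, the sample values are constructed, and upper-casing the result is an assumption that matches createUUID() output.

```cfml
<cfscript>
// Added example, not the author's code; function names are hypothetical.
// ColdFusion createUUID() layout: 8-4-4-16. MySQL UUID() layout: 8-4-4-4-12.

// Classify an identifier by its hyphen layout; "" means neither layout.
function idLayout(required string id) {
    var v = trim(arguments.id);
    if (reFind("^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{16}$", v)) {
        return "cf-uuid";
    }
    if (reFind("^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$", v)) {
        return "mysql-uuid";
    }
    return "";
}

// Return the 8-4-4-16 form, or throw so the caller never queries with junk.
function toCfUuid(required string id) {
    var v = uCase(trim(arguments.id));
    switch (idLayout(v)) {
        case "cf-uuid":
            return v;
        case "mysql-uuid":
            // The first 23 characters are 8-4-4-4; the last 12 are the final group.
            // Joining them drops only the fourth hyphen; the hex digits are unchanged.
            return left(v, 23) & right(v, 12);
        default:
            throw(type="InvalidIdentifier", message="Identifier is not in a known UUID layout");
    }
}

// Constructed sample values (not real record ids).
samples = [
    "3F2504E0-4F89-11D3-9A0C0305E82C3301",
    "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "2"
];
for (s in samples) {
    layout = idLayout(s);
    writeOutput(s & " -> " & (len(layout) ? toCfUuid(s) : "rejected") & "<br>");
}
</cfscript>
```

The first two samples both come out as 3F2504E0-4F89-11D3-9A0C0305E82C3301, and the sequential-style id "2" is rejected.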