"Stephanie Stowe" wrote:
http://www.devx.com/dbzone/Article/10167
I am not at liberty to do this as I do not have SQL Server. We use
DB2 on the iSeries. More in a new post this am.
The GUID suggestion was merely one way of creating an "unguessabl e" session
id. You don't need SQL Server to create one:
[JScript example]
Server.CreateOb ject("Scriptlet .TypeLib").GUID .replace(/[{}]/g,"")
(The object has a .GUID string property)
You certainly can implement your own, for that matter. For example, you
could randomly generate a string of digits and check your db for uniqueness.
How many digits would suffice? Suppose you use the GUID as an example of a
sufficient space. There are (2^8)^16 (or
3.4028236692093 846346337460743 177e+38) possible values. Using just the
characters [0-9], you would need 38.53 characters to cover the same range of
values. Using [A-Z], you would need 27.23 characters. Combining them,
[A-Z0-9] requires strings of length 24.76, [a-zA-Z] needs 22.45, [A-Za-z0-9]
needs 21.50 characters.
Obviously, there is no such thing as a string of length 38.53. But by
choosing 39 character strings of [0-9], you guarantee a space at least as
large as the GUID space. Does that seem like ling strings? Consider that it
takes 32 hex characters to express a 16-byte GUID value.
Some of the same pitfalls apply to self-generated session ids as to GUIDs,
BTW. Their length makes them make poor primary keys, for example.
For what it's worth, script-based random number generation is not exactly
random.
--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
