可以将客户端生成的GUID直接转换为服务器端,进行存储,等等? 没有更高的碰撞风险?
[英]It is fine to translate guids generated client-side directly to server-side, store them, etc? No higher risk of collisions?
问题描述
I've written a client-side application. 
我已经编写了一个客户端应用程序。 I am now creating a backend for it to persist data, but am curious about GUID implementations. 我现在正在为其创建一个后端以保留数据,但对GUID实现感到好奇。
Client side, I generate a Song object with a unique ID using the following JavaScript. 在客户端,我使用以下JavaScript生成具有唯一ID的Song对象。 It is based off of this StackOverflow post . 它基于此StackOverflow帖子 。
//Based off of: https://stackoverflow.com/questions/105034/how-to-create-a-guid-uuid-in-javascript
generateGuid: function () {
var startStringFormat = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx';
var guid = startStringFormat.replace(/[xy]/g, function (c) {
var r = Math.floor(Math.random() * 16);
var v = c === 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});
return guid;
},
Now, I'm defining a class in C# to represent my Song object: 现在,我在C#中定义一个类来表示我的Song对象:
public class Song
{
public virtual Guid Id { get; set; }
public virtual Guid PlaylistId { get; set; }
public virtual int VideoId { get; set; }
public virtual string Url { get; set; }
public virtual string Title { get; set; }
public virtual int Duration { get; set; }
}
Doing so got me wondering about the implications of the interacting Guid objects. 这样做让我想知道交互的Guid对象的含义。 Can I just take all of the Song objects I have in localStorage and do a direct translation of their Guids? 我是否可以仅提取localStorage中拥有的所有Song对象并直接转换其Guid? Should I regenerate all of them? 我应该重新生成它们吗?
3 个解决方案
解决方案1
2 已采纳 2012-11-24 22:14:48
As Guid are unique (if correctly generated) you can reuse existing IDs. 由于Guid是唯一的(如果正确生成),您可以重用现有的ID。 Be careful, though, because a malicious client can send any ID of course, not just a random one. 但是要小心,因为恶意客户端当然可以发送任何ID,而不仅仅是随机ID。 So a client can easily provoke a collision among his own Guids. 因此,客户可以轻松地在自己的Guid之间引起冲突。 If all benevolent clients generate their Guid randomly, a malicious client cannot cause a collision with them. 如果所有仁慈的客户端随机生成其Guid,则恶意客户端无法与它们发生冲突。 In that sense, a Guid is like a 128-bit password, which is exceptionally strong. 从这个意义上讲,Guid就像一个128位的密码,非常强大。
On the other hand, the way you generate those Guids is not using a cryptographically secure random number generator. 另一方面,生成这些Guid的方式不是使用加密安全的随机数生成器。 So I guess you should make the server provide a secure Guid to you by issuing an AJAX call to it. 因此,我想您应该通过向服务器发出AJAX调用来使服务器向您提供安全的Guid。
The generation algorithm shown looks funky to me. 所示的生成算法对我来说看起来很时髦。 You don't need to maintain any particular pattern. 您不需要维护任何特定的模式。 You can just generate a Guid consisting of 100% random components. 您可以只生成由100%随机成分组成的Guid。
解决方案2
2 2012-11-24 22:41:53
由于您的算法基于Math.random生成的伪随机数,并且由于随机数生成器是从当前时间播种的 ,因此似乎存在发生冲突的风险。
解决方案3
0 2012-11-24 23:17:50
Seems that under certain circumstances, you actually may get a pretty high chance of collisions with this method. 似乎在某些情况下,使用此方法实际上可能会产生很高的碰撞机会。 Check this question: Collisions when generating UUIDs in JavaScript? 检查以下问题: 在JavaScript中生成UUID时发生冲突?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.