堆栈内存溢出
  简体   繁体   English

我应该让NHibernate为创建的实体生成GUID,还是在客户端生成GUID安全吗?

[英]Should I let NHibernate generate GUIDs for created entities, or is it safe to generate the GUIDs client-side?

 原文  2012-12-15 21:18:30       javascript/ guid

问题描述

I'm trying to improve the responsiveness of an app. 我正在尝试提高应用程序的响应速度。 The user indicates they want to add a Song object to a Playlist. 用户指示他们想要将Song对象添加到播放列表。 To do so, I create a new Song object, save it to my server to set its ID, then, when the server responds successfully, I add the Song object to the Playlist. 为此,我创建了一个新的Song对象,将其保存到服务器中以设置其ID,然后,当服务器成功响应时,我将Song对象添加到播放列表中。

This has the side-effect of giving the user an awkward delay between their action and the app's response. 这样做的副作用是,在用户的操作和应用的响应之间会给用户带来尴尬的延迟。

I am wondering if it is OK to generate the GUIDs for my entities client-side instead of passing an object with an empty GUID to NHibernate (which then sets it while working with my Sql Server DB.) 我想知道是否可以为我的实体客户端生成GUID,而不是将具有空GUID的对象传递给NHibernate(然后在与Sql Server DB一起工作时对其进行设置)。

I would be using this method to generate a GUID : 我将使用此方法来生成GUID 

'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
    var r = Math.random()*16|0, v = c == 'x' ? r : (r&0x3|0x8);
    return v.toString(16);
});

I am concerned about collisons, though. 不过,我担心Collisons。 Should I be? 我可以做? Or are client-side and server-side generation of GUIDs mostly the same? 还是客户端和服务器端的GUID大致相同?

2 个解决方案

解决方案1
 1 已采纳  2012-12-15 21:24:40

When generating IDs on the client side you cannot guarantee unique IDs, because client side javascript code can be modified by versed users (or the request sent to the server can be modified). 在客户端上生成ID时,您不能保证唯一的ID,因为精通的用户可以修改客户端javascript代码(或者可以修改发送到服务器的请求)。 So you should generate the GUID on the server side to be save. 因此,您应该在服务器端生成要保存的GUID。

解决方案2
 0  2012-12-15 21:43:26

The method of generating GUID you mentioned is definitely not safe and would result in collisions sooner or later. 您提到的生成GUID的方法绝对不安全,迟早会导致冲突。 You should definitely generate GUID on the server side. 您绝对应该在服务器端生成GUID。

Is there any reason for you to create new Song object? 您是否有任何理由创建新的Song对象?
Are you copying existing objects or creating brand new ones? 您是要复制现有对象还是创建全新的对象?
If it's a copy, you should consider linking the original to the playlist (you don't have to wait for the GUID then). 如果是副本,则应考虑将原始链接到播放列表(然后不必等待GUID)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 可以将客户端生成的GUID直接转换为服务器端,进行存储,等等? 没有更高的碰撞风险? - It is fine to translate guids generated client-side directly to server-side, store them, etc? No higher risk of collisions? 在客户端生成 rsa 密钥对(在浏览器上) - Generate rsa keypair client-side (on the browser) 在客户端生成可下载的文件流 - Generate downloadable file stream on client-side 如何在ASP.NET MVC项目中为knockout生成客户端视图模型? - How can I generate client-side view models for knockout in an ASP.NET MVC project? 在客户端生成唯一 ID 的最佳方法(使用 Javascript) - Best way to generate unique ids client-side (with Javascript) 从客户端JavaScript生成的站点生成静态HTML - Generate Static HTML From Client-Side JavaScript Generated Site 在基于phonegap的应用程序上使用jspdf生成客户端pdf - Generate client-side pdf with jspdf on phonegap based apps 在服务器端实时生成客户端脚本可行吗? - It is feasible to generate client-side scripts on the server in realtime? 客户端登录可以安全吗? - Can a client-side login be safe? 客户端HTML清理有多安全? - How safe is client-side HTML Sanitization?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM