If it's UUIDv4 and you validate that the UUID is valid and not conflicting I don't really ...

wongarsu • yesterday at 12:31 PM • 2 replies • view on HN

If it's UUIDv4 and you validate that the UUID is valid and not conflicting I don't really see the issue with user-generated UUIDs. Being able to generate unique keys in an uncoordinated manner is the main selling point of UUIDs

Sure, it's something I'd flag in any design to spend two minutes to talk about potential security implications. But usually there aren't any

Replies

AntiUSAbah • yesterday at 1:23 PM

Validation etc. every thing which should not be controlled by a user, will not be controlled by a user.

JambalayaJimbo • yesterday at 7:20 PM

The whole point of UUIDv4 is that you don't need to check if it's conflicting and can just use them right away. This falls apart if you let untrusted sources of UUIDv4's enter your system IMO

alt Hacker News

Replies