primary key - Why can't I trust a client-generated GUID? Does treating the PK as a composite of client-GUID and a server-GUID solve anything? -

-

i'm building off of a previous discussion had jon skeet.

the gist of scenario follows:

  • client application has ability create new 'playlistitem' objects need persisted in database.
  • use case requires playlistitem created in such way client not have wait on response server before displaying playlistitem.
  • client generates uuid playlistitem, shows playlistitem in client , issue save command server.

at point, understand bad practice use uuid generated client object's pk in database. reason malicious user modify generated uuid , force pk collisions on db.

to mitigate damages incurred forcing pk collision on playlistitem, chose define pk composite of 2 ids - client-generated uuid , server-generated guid. server-generated guid playlistitem's playlist's id.

now, have been using solution while, don't understand why/believe solution better trusting client id. if user able force pk collison user's playlistitem objects think should assume provide user's playlistid. still force collisons.

so... yeah. what's proper way of doing this? allow client create uuid, server gives thumbs up/down when saved. if collision found, revert client changes , notify of collison detected?

a nice solution following: quote sam newman's "building microservices":

the calling system post batchrequest, perhaps passing in location file can placed data. customer service return http 202 response code, indicating request accepted, has not yet been processed. calling system poll resource waiting until retrieves 201 created indicating request has been fulfilled

so in case, post server response "i save playlistitem , promise id one". client (and user) can continue while server (maybe not api, background processor got message api) takes time process, validate , other, possibly heavy logic until saves entity. stated, api can provide endpoint status of request, , client can poll , act accordingly in case of error.


Comments

Post a Comment

Popular posts from this blog

android - getbluetoothservice() called with no bluetoothmanagercallback -

-
i getting getbluetoothservice() called no bluetoothmanagercallback error in android application. i have no idea causing or bluetooth manager callbacks. can give me idea of causing problem or start looking. by reading android source code, seems warning cannot about. source code shows if call bluetoothsocket#connect(); then call bluetoothadapter.getdefaultadapter().getbluetoothservice(null); the key here, null parameter passes in above line. due this, there no callback, , bluetoothsocket class throw out warning. since warning, not think need it. https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothsocket.java line 306 https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothadapter.java line 1610
Read more

sql - ASP.NET SqlDataSource, like on SelectCommand -

-
i'm working on asp.net. have sqldatasource query hardcoded on selectcommand: <asp:sqldatasource id="datasource1" runat="server" cancelselectonnullparameter="false" connectionstring="<%$ connectionstrings:s.properties.settings.connectionstring %>" selectcommand="select * [table] ([col1] case @col1_param when null col1 else @col1_param end) , ([col2] case @col2_param when null col2 else @col2_param end)" selectcommandtype="text"> <selectparameters> <asp:controlparameter controlid="textbox1" name="col1_param" propertyname="text" type="string" /> <asp:controlparameter controlid="textbox2" name="col2_param" propertyname="text" type="string" /> </selectparameters> what want if enter data on 1 textbox only, data display according textbox
Read more

ios - Undefined symbols for architecture armv7: "_OBJC_CLASS_$_SSZipArchive" -

-
i try using extractzipfile plugin @ this: https://github.com/phonegap/phonegap-plugins/tree/master/ios/extractzipfile but when compiler xcode 4.6.1 in sdk 6.1 throws error: undefined symbols architecture i386: "_objc_class_$_ssziparchive", referenced from: objc-class-ref in extractzipfileplugin.o ld: symbol(s) not found architecture i386 clang: error: linker command failed exit code 1 (use -v see invocation) i try issue @ here: undefined symbols architecture armv7 ssziparchive but shows error: /users/alienware/desktop/extractzipfile/ssziparchive/tests/ssziparchivetests.m:10:9: 'sentestingkit/sentestingkit.h' file not found i work phonegap , make app in ios, dump. update : try add ssziparchive.m compiler source , come new error: undefined symbols architecture i386: "_unzclose", referenced from: +[ssziparchive unzipfileatpath:todestination:overwrite:password:error:delegate:] in ssziparchive.o "_unzclosecurrentfil
Read more