NewID() - Is there a high probability of exposing previous / next GUIDs

I know that GUIDs are theoretically unique with a very low chance of collision. However, if I understand correctly, some uniqueness is available because it is seeded from the information on the computer used to generate it, depending on the algorithm used.

How likely is it that given the GUID, the user could guess the other GUIDs in the table?

As an example, if you have newsletter subscribers with the unsubscribe function, you can simply send it to example.com/subscriber/unsubscribe/{id}

With the whole identity, this is obviously a bad idea. A user with ID 1000 can unsubscribe from your entire database in seconds, guessing the identifiers.

If the identifier column is a GUID initialized with newid(), how likely is it that your user can guess the correct identifiers if they know them?

+3
2 answers

I would say that this is possible in theory, but very, very unlikely to actually happen.

I read the Eric Lippert blog posts that SLaks linked in his comment, and some other Stack Overflow answers:

As far as I understand: given a set of several GUIDs, it would be possible to find out if they were created on the same computer. But this is not easy to learn, and, of course, not for the average user.

, , GUID ( ), GUID.
( ) , , , , GUID.

, :
GUID ( , ), , I ), , - , .

+3

NEWID() GUID 4, . GUID , .

RFC 4122:

, UUID ; (, ), . .

-, , GUID 4 , . stackexchange , GUID 4 SQL, :

SELECT CAST(CRYPT_GEN_RANDOM(16) AS UNIQUEIDENTIFIER)

:

+2
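
The answers above turn on which GUID version a column holds (version 4 versus a version whose fields come from the generating machine). The following is an added example, not code from the question or either answer: it audits GUIDs in their standard text form and reports what structure they expose. The sample values and the function names describe and audit are constructed for illustration.

```python
import uuid
from collections import Counter

# Constructed sample values, not taken from any real table.
V1_A = "6fa459ea-ee8a-11e9-8a2f-0123456789ab"  # version 1, node 0123456789ab
V1_B = "6fa45a00-ee8a-11e9-8a2f-0123456789ab"  # version 1, same node, 22 ticks later
V4 = "3d6f0a1e-7b2c-4e5d-9a8b-1c2d3e4f5a6b"    # version 4 (random) layout


def describe(guid_text):
    """Return the structural fields that one GUID exposes to anyone who sees it."""
    u = uuid.UUID(guid_text)
    info = {"version": u.version, "variant": u.variant}
    if u.version == 1:
        # Version 1 embeds a 60-bit timestamp (100 ns ticks) and a 48-bit node id.
        info["node"] = f"{u.node:012x}"
        info["timestamp_100ns"] = u.time
    return info


def audit(guids):
    """Summarise an identifier column: versions present and nodes shared by v1 values."""
    versions, nodes = Counter(), Counter()
    for text in guids:
        d = describe(text)
        versions[d["version"]] += 1
        if "node" in d:
            nodes[d["node"]] += 1
    return {
        "versions": dict(versions),
        "shared_nodes": {n: c for n, c in nodes.items() if c > 1},
        # Anything other than version 4 carries non-random structure.
        "has_structured_ids": any(v != 4 for v in versions),
    }


if __name__ == "__main__":
    print(audit([V1_A, V1_B, V4]))
```

A column that reports only version 4 exposes no timestamp or node field; how unpredictable its values are then depends on the random generator behind them.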
