The numeric IDs are sparsely generated unless you preallocate ranges, but 
they are in a finite range, so in theory someone can guess them.

Maybe you should hash them (along with some other data) and provide that 
instead, then store the hash and use that to look up the ID.

Alternately, implement security (which in most cases is a better solution), 
such that no one can use other IDs unless they have permission to. 

T

On Monday, February 17, 2014 9:23:39 AM UTC+8, Pok wrote:
>
> I can't seem to find any documentation about auto generated numeric keys 
> on whether the values are guessable or not.  I want to use the key as an 
> order number to give to the user, so I need something that is not 
> guessable.  
>
> I'm using JDO with these annotations in the primary key field
>
>
> @PrimaryKey
> @Persistent(valueStrategy = IdGeneratorStrategy.IDENTITY)
> private Long id;
>
> On the development server, it seems like the keys are sequential, while on 
> the live server, it looks like the key is based on the timestamp of the 
> transaction.  Is there somewhere I can find more information on how these 
> keys are generated?  Or is there a better way to generate ids that are safe 
> to give out as order numbers?  
>
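
The two suggestions in the reply above, combined in one added example that is not part of the original thread: the order number is a keyed hash of the numeric id, stored and used for lookup, and a permission check runs on every read. It assumes HMAC-SHA256 with a server-side secret as the "other data"; the class `OrderNumbers`, the in-memory map (standing in for an indexed datastore property) and the sample ids are hypothetical. Requires Java 16 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class OrderNumbers {
    record Order(long id, String ownerUserId) {}

    // Hypothetical stand-in for an indexed datastore property: token -> order.
    private final Map<String, Order> byToken = new HashMap<>();
    private final SecretKeySpec key;

    OrderNumbers(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    // Keyed hash of the id: without the secret, a guessed id cannot be turned into a token.
    String tokenFor(long id) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal(Long.toString(id).getBytes(StandardCharsets.UTF_8));
        // Keep 128 bits of the tag; URL-safe Base64 without padding gives 22 characters.
        return Base64.getUrlEncoder().withoutPadding().encodeToString(Arrays.copyOf(tag, 16));
    }

    // Store the token next to the order so it can be used as the lookup key.
    String register(long id, String ownerUserId) throws Exception {
        String token = tokenFor(id);
        byToken.put(token, new Order(id, ownerUserId));
        return token;
    }

    // Permission check on every read: an unknown token and someone else's order look the same.
    Optional<Order> lookup(String token, String requestingUserId) {
        Order o = byToken.get(token);
        if (o == null || !o.ownerUserId().equals(requestingUserId)) return Optional.empty();
        return Optional.of(o);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret); // constructed for the demo; a real key is kept server-side
        OrderNumbers orders = new OrderNumbers(secret);
        String t1 = orders.register(5629499534213120L, "alice"); // constructed sample ids
        String t2 = orders.register(5629499534213121L, "bob");
        System.out.println("order numbers: " + t1 + " " + t2);
        System.out.println("alice reads own order:   " + orders.lookup(t1, "alice").isPresent());
        System.out.println("alice reads bob's order: " + orders.lookup(t2, "alice").isPresent());
    }
}
```

Adjacent ids produce unrelated tokens, and the ownership check still denies access when a valid token leaks to another user.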
