David Garamond wrote:
So it is possible for a user connected to the DB to send random commit or cancel commands, just in case she happens to hit a valid GID?
It is not essentially different from someone trying to brute-force a password. A 128-bit value like a random GUID is as strong as a 16-character password comprising ASCII 0-255 characters. And I would argue that this is _not_ security through obscurity. Security through obscurity is relying on unpublished methods/algorithms. This is not.
You have no guarantees that GIDs generated by an external transaction manager are random. An obvious implementation is TM-identity plus sequence number, which is very predictable.
-O
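
The distinction drawn in this exchange, as an added example that is not part of the original thread and is not PostgreSQL code: a Python check to run over GIDs a transaction manager has issued, reporting whether they have the TM-identity-plus-counter shape or no counter pattern. The function names, GID formats and sample values are constructed for illustration.

```python
import os
import secrets


def random_gid():
    """A GID with 128 bits from the OS CSPRNG, as 32 hex characters."""
    return secrets.token_hex(16)


def audit_gids(gids):
    """Classify GIDs (given in issue order) by the part that varies.

    Returns (verdict, fixed_prefix, step). 'sequential' means the varying
    part is a decimal counter with a constant step, so anyone who has seen
    one GID can name the others; step is None for 'no-pattern'.
    """
    if len(gids) < 2:
        raise ValueError("need at least two GIDs to compare")
    n = len(os.path.commonprefix(gids))
    # The shared prefix may have swallowed leading counter digits
    # ("1009" and "1010" share "10"), so back up over trailing digits.
    while n > 0 and gids[0][n - 1].isdigit():
        n -= 1
    prefix, tails = gids[0][:n], [g[n:] for g in gids]
    if all(t.isascii() and t.isdigit() for t in tails):
        values = [int(t) for t in tails]
        steps = {b - a for a, b in zip(values, values[1:])}
        if len(steps) == 1:
            return "sequential", prefix, steps.pop()
    return "no-pattern", prefix, None


# Constructed samples: a TM that emits "identity:sequence" GIDs ...
COUNTER_GIDS = ["tm-node7:1009", "tm-node7:1010", "tm-node7:1011"]
# ... and one that emits 128-bit random values (fixed here for repeatability).
RANDOM_GIDS = [
    "9f1c2a7be4d84c0fa35b6e21d07c48aa",
    "03b7e5d1c9a24f6e8d10b2c47a9e5f31",
    "e4a86c02f7b14d939c5d0a1e6b28f7c4",
]

if __name__ == "__main__":
    print(audit_gids(COUNTER_GIDS))
    print(audit_gids(RANDOM_GIDS))
    print(random_gid())
```

A "no-pattern" verdict only rules out the fixed-step counter shape; it does not prove the values came from a strong random source.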