On Jan 31, 2008, at 10:08 AM, Peter Saint-Andre wrote:
We can specify that a session ID must be a UUID. I think that's a good idea.

While I think using UUIDs in general is a great idea, just keep in mind that traditional UUID calculation implementations have security concerns because they leak the MAC address of the primary network card. If you are going to explicitly encourage the use of UUIDs, I think you should explicitly recommend against using UUID generation methods which would leak such information.

__________________
Robert Quattlebaum
Jabber: [EMAIL PROTECTED]
eMail:  [EMAIL PROTECTED]
www:    http://www.deepdarc.com/
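
The concern raised in the message above, shown as an added example that is not part of the original thread or of any XMPP specification: a time-based (version 1) UUID carries a 48-bit node field, while a version 4 UUID is random. The function names and the sample node values are hypothetical and constructed for illustration.

```python
import uuid

# Constructed samples: a v1 UUID built from a made-up unicast node value, and one
# built from a node with the multicast bit set (RFC 4122 section 4.5 random node).
SAMPLE_V1 = str(uuid.uuid1(node=0x001122334455, clock_seq=0x1234))
SAMPLE_V1_RANDOM_NODE = str(uuid.uuid1(node=0x011122334455, clock_seq=0x1234))


def describe_uuid(value):
    """Report the version and, for v1, the node field embedded in the UUID."""
    u = uuid.UUID(value)
    info = {"version": u.version, "node": None, "node_looks_like_mac": False}
    if u.variant == uuid.RFC_4122 and u.version == 1:
        node = u.node  # last 48 bits of the UUID
        info["node"] = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
        # Hardware addresses are unicast; a randomly chosen node must set the
        # multicast bit (least significant bit of the first octet).
        info["node_looks_like_mac"] = not ((node >> 40) & 0x01)
    return info


def is_acceptable_session_id(value):
    """Accept only RFC 4122 version 4 (random) UUIDs as session IDs."""
    try:
        u = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return False
    return u.variant == uuid.RFC_4122 and u.version == 4


def new_session_id():
    """Generate a session ID that embeds no host or time information."""
    return str(uuid.uuid4())


if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V1_RANDOM_NODE, new_session_id()):
        print(sample, describe_uuid(sample), is_acceptable_session_id(sample))
```
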


