David Garamond wrote:
>> So it is possible for a user connected to the DB to send random commit
>> or cancel commands, just in case she happens to hit a valid GID?
>
>
> It is not essentially different from someone trying to bruteforce a
> password. A 128bit value like a random GUID is as strong as a 16 char
> password comprising ASCII 0-255 characters. And I would argue that this
> is _not_ security through obscurity. Security through obscurity is
> relying on unpublished methods/algorithms. This is not.
You have no guarantees that GIDs generated by an external transaction
manager are random. An obvious implementation is TM-identity plus
sequence number, which is very predictable.
-O