Using UUID and @Accessor in Java
54 views
Skip to first unread message
Julian Reyes
Jul 31, 2015, 6:25:22 AM7/31/15
to DataStax Java Driver for Apache Cassandra User Mailing List
Hello,
I do not know if this the correct list to post on.
I am new in Cassandra and I am implementing a RESTful Java app using Cassandra as database, I set up a table where my primary key is like id uuid.
The application works properly, I can get all information from DB, insert, update, delete, basic CRUD operations.
When I get all the information from the database it will send back the actual uuid so if I want to update that record like for example:
@Query("UPDATE complex.users SET addresses[:name]=:address WHERE id = :id") ResultSet addAddress(@Param("id") UUID id, @Param("name") String addressName, @Param("address") Address address);
The thing is that that "id" is pass into the URL, so my question is:
would it be possible to encrypt the uuid when it is sent to the client
so that when the user requests to change some data it cannot be seen in the URL?
the idea is like this:
I want the user to see the url like:
http://localhost:8080/wineApp/#wine/{someId}
instead of
http://localhost:8080/wineApp/#wine/{uuid}
That uuid will be exactly the same as uuid in cassandra, I do not know if that could be a security issue
Thanks.
Olivier Michallat
Aug 3, 2015, 2:16:30 PM8/3/15
to java-dri...@lists.datastax.com
Hi,
IMHO that's not a persistence problem, so it should be handled by your application before calling the accessor. If you really want to do it in the accessor, you could use custom codecs but that's in 2.2 only.
That being said, I don't think exposing a UUID is a security issue. What could users to with it that they couldn't if it's encrypted?
--
Olivier Michallat
Driver & tools engineer, DataStax
To unsubscribe from this group and stop receiving emails from it, send an email to java-driver-us...@lists.datastax.com.
Julian Reyes
Aug 4, 2015, 5:11:35 AM8/4/15
to DataStax Java Driver for Apache Cassandra User Mailing List
Ni Olivier,
Thanks for replying.
Well, I was just wondering it could end up exposing the underlying technology by showing those UUIDs.
Regards,
Thanks for replying.
Well, I was just wondering it could end up exposing the underlying technology by showing those UUIDs.
Regards,
Olivier Michallat
Aug 5, 2015, 4:55:09 AM8/5/15
to java-dri...@lists.datastax.com
Hi,
UUIDs are based on a standard (RFC-4122), so I don't think you can identify a particular technology just by looking at them.
--
Olivier Michallat
Driver & tools engineer, DataStax
Reply all
Reply to author
Forward
0 new messages