• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CreateUUID

Explorer ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

This question was posted in response to the following article: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-70de.html

Views

7.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

I'm confused about one aspect of UUIDs: In CF9 standard, if I check the "Use UUID for CKToken", it generates a token that has the 8-4-4-16 character group, but in a addition, it is prefixed by another string, so that the CFTOKEN returned looks something like this: 360353802d5624bb-AD53DEC4-E04D-3E5F-F75EA5F06E6AD3A5. Because of that extra prefix, if I try to write the CFToken to a database table, and use it throws the following error:

ERROR INFORMATION:

The cause of this output exception was that: coldfusion.tagext.sql.QueryParamTag$InvalidDataException: Invalid data value 360353802d5624bb-AD53DEC4-E04D-3E5F-F75EA5F06E6AD3A5 exceeds maxlength setting 50.

So, my questions are: when using UUID for CFToken, what should the maxlength be set to to ensure successful writes, where is the prefix before the 8-4-4-16 character group coming from, and what does that prefix represent?

Thanks,

Michael

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

ColdFusion prepends the UUID with 16 random hexadecimal characters to make the CFToken even more unique. See the section "Ensuring CFToken uniqueness and security" in the livedocs on managing the client state.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

ColdFusion prepends the UUID with 16 random hexadecimal characters to make the CFToken even more unique. See the section "Ensuring CFToken uniqueness and security" in the livedocs on managing the client state.

Because, like, a UUID is not unique enough already.

😐

I do wonder about them (Adobe) sometimes.  [Shrug].  Maybe there's some good reason to do this that I'm not seeing.

--

Adam

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

The random string is not meant to make the token more unique, it is meant to make it random.  UUIDs are plenty unique, but A CF UUID is not random. For a token to be a quality session token it must be random, hence the extra string.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

Yeah... OK. But only the first four bytes of a CF UUID is not random.  The rest is.  So I really don't see the benefit still.  I suppose "more numbers" means "more randomness", but they've already got 96-bits worth of random there.  That's quite a lot.

--

Adam

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

Is that documented anywhere?  Because I do not think that is true. I don't think that CF UUIDs are anywhere near that random (if random at all). Perhaps it has changed over the years, but in the past CF would produce UUIDs like this:

1330544F-C09F-F023-3B5732BB3AB1E6FC

1330546E-C09F-F023-3B427B03747AD651

1330547E-C09F-F023-3B32F655A3898333

1330548D-C09F-F023-3B272F4E96E41BED

1330549D-C09F-F023-3B342477C11A9E36

Now they appear to be better

B7D7C0B8-B308-5369-EFC0BE4E04761AE2

B7D7C0BB-E912-DFB2-214CA7DB792CE7E8

B7D7C0BC-DA8E-AC19-E975FC9328DF931F

B7D7C0BD-DD8B-D5C5-4BE0F86B97BDE54F

B7D7C0BE-F2D2-E4B8-5E5D4DEDD32E54CF

But for whatever reason clearly it was not deemed sufficient. Perhaps it was pressure from those that wanted something more for PCI compliance.  I certainly don't think it was a bad move or anything. The more randomness the better.

jason


Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

Is that documented anywhere?

Documented?  Not that I'm aware of.  But I was looking at the source code of the createUuid() function (in CF9).

--

Adam

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

Good enough for me.

Jason

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 23, 2012 Feb 23, 2012

Copy link to clipboard

Copied

12Robots wrote:

The random string is not meant to make the token more unique, it is meant to make it random. 

Actually, more unique means random!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Feb 24, 2012 Feb 24, 2012

Copy link to clipboard

Copied

No, it doesn't. I could increment numbers 1,2,3,4,5,6,7 and guarantee uniquiness. But they certainly are not random. Uniqueness and Random are not the same thing.

Jason

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 25, 2012 Feb 25, 2012

Copy link to clipboard

Copied

12Robots wrote:

No, it doesn't. I could increment numbers 1,2,3,4,5,6,7 and guarantee uniquiness. But they certainly are not random. Uniqueness and Random are not the same thing.

In your example, uniqueness means distinctness. The list you give is deterministic.

In the above context (of CFToken) uniqueness and randomness are synonymous. They are both measures of the effectiveness of the random generator. In this sense, uniqueness means that, if you pick one CFToken from an extremely large list of CFTokens generated by ColdFusion, the probability of there being another one identical to it is negligible. Randomness means, if you pick any arbitrary number of consecutive CFTokens in the list,  you will be unable to find an algorithm to use them to predict the next one.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

In the above context (of CFToken) uniqueness and randomness are synonymous. They are both measures of the effectiveness of the random generator. In this sense, uniqueness means that, if you pick one CFToken from an extremely large list of CFTokens generated by ColdFusion, the probability of there being another one identical to it is negligible. Randomness means, if you pick any arbitrary number of consecutive CFTokens in the list,  you will be unable to find an algorithm to use them to predict the next one.

While they are both measures of the effectiveness of the random number generator, they do not mean the same thing, regardless of within what context they're used.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

BKBK wrote:

In the above context (of CFToken) uniqueness and randomness are synonymous. They are both measures of the effectiveness of the random generator. In this sense, uniqueness means that, if you pick one CFToken from an extremely large list of CFTokens generated by ColdFusion, the probability of there being another one identical to it is negligible. Randomness means, if you pick any arbitrary number of consecutive CFTokens in the list,  you will be unable to find an algorithm to use them to predict the next one.

Dave Watts wrote:

While they are both measures of the effectiveness of the random number generator, they do not mean the same thing, regardless of within what context they're used.

A statement with just the bare bones and no beef gives us little to chew on. As an aside, I do believe that the clause "regardless of within what context" exists out of the realms of language and logic. For context is one of the fundaments of language and logic. I'll leave it here, lest the argument stray even further away from the CFToken.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

I will simplify it for you. There is no context in which uniqueness and randomness mean the same thing. Period. There is nothing here for you to "chew on" - it's a very simple thing.

As an aside, you'll have to forgive me if I don't rely on your explanation of the realms of language and logic.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Dave Watts wrote:

There is no context in which uniqueness and randomness mean the same thing.

This statement is of course untrue. You state, but fail to expound. By beef, I meant you could, for example, expound on the lack of equivalence between uniqueness and randomness in a few contexts of your own choosing.

You mentioned the random number generator, so we're in the domain of mathematics, computing, physics and logic. Take your pick. You may want to show the lack of equivalence between uniqueness and randomness in the sense of Gauss, Lyapunov or Kolmogorov, in the sense of Turing and predicate logic, or in the sense of Markov, Wiener or chaotic dynamics.

Above, I explained a context in which uniqueness implies randomness, and where randomness implies uniqueness. Equivalence follows. It may also be that I'm wrong. However, if you do not come up with a substantial argument, then we should just agree to differ and leave it at that.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Wiener

Well you're definitely being one of those.

😉

--

Adam

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Adam Cameron. wrote:

Wiener

Well you're definitely being one of those.

😉

I'm not worthy.

Norbert Wiener:

     - graduated from high school at 11

     - obtained a degree in Mathematics at 14

     - obtained a Ph.D. from Harvard at 17

     - made significant contributions in computing, robotics, mathematics, physics, logic, biology, just to name some.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Above, I explained a context in which uniqueness implies randomness, and where randomness implies uniqueness. Equivalence follows. It may also be that I'm wrong. However, if you do not come up with a substantial argument, then we should just agree to differ and leave it at that.

Mutual implication between two things does not make them equivalent, no matter how much you seem to think it does, and no matter what context you explain. I don't see how an argument can be more substantial than one that relies on the plain meaning of two words.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

BKBK wrote:

Above, I explained a context in which uniqueness implies randomness, and where randomness implies uniqueness. Equivalence follows. It may also be that I'm wrong. However, if you do not come up with a substantial argument, then we should just agree to differ and leave it at that.

Dave Watts wrote:

Mutual implication between two things does not make them equivalent, no matter how much you seem to think it does, and no matter what context you explain.

You are again wrong. If x implies y and y implies x, then x is equivalent to y (at least in the contexts of mathematics, computation and logic).

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Dave Watts wrote:

Mutual implication between two things does not make them equivalent, no matter how much you seem to think it does, and no matter what context you explain.

You are again wrong. If x implies y and y implies x, then x is equivalent to y (at least in the contexts of mathematics, computation and logic).

Words are not numeric expressions. Sentences are not solvable equations.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Dave Watts wrote:

Mutual implication between two things does not make them equivalent, no matter how much you seem to think it does, and no matter what context you explain.

BKBK wrote:

You are again wrong. If x implies y and y implies x, then x is equivalent to y (at least in the contexts of mathematics, computation and logic).

Dave Watts wrote:

Words are not numeric expressions. Sentences are not solvable equations.

That statement doesn't only apply to numeric expressions. It is a universally accepted fact in logic.

So, let me oblige, using sentences. If one sentence implies another, and the second implies the first, then the 2 sentences are equivalent.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

That statement doesn't only apply to numeric expressions. It is a universally accepted fact in logic.

So, let me oblige, using sentences. If one sentence implies another, and the second implies the first, then the 2 sentences are equivalent.

This is where I sighed, but I guess you couldn't hear that.

Here is a very simple counterexample. One sentence can, of course, imply more than one thing. If one sentence implies a second and a third, and the second implies the first but not the third, they are clearly not equivalent. What you presumably meant was that if x implies y and only implies y, and vice-versa, then they are equivalent. Of course, that rarely happens with sentences that have any complexity at all. When it happens with words, we call those words "synonyms". So, again, mutual implication, alone, between two things does not make them equivalent.

Now, going back to the item in question. Here is your quote from a previous post:

"In the above context (of CFToken) uniqueness and randomness are synonymous. They are both measures of the effectiveness of the random generator. In this sense, uniqueness means that, if you pick one CFToken from an extremely large list of CFTokens generated by ColdFusion, the probability of there being another one identical to it is negligible. Randomness means, if you pick any arbitrary number of consecutive CFTokens in the list,  you will be unable to find an algorithm to use them to predict the next one."

This set of sentences contradict each other. Just because two things are required for a third thing, that does not mean that those two things are synonymous. And, in fact, you acknowledge that by GIVING DIFFERENT DEFINITIONS FOR THOSE TWO THINGS. Those two sentences DO NOT MEAN THE SAME THING. If they did, you could swap their definitional clauses like so:

"uniqueness means that, if you pick any arbitrary number of consecutive CFTokens in the list,  you will be unable to find an algorithm to use them to predict the next one."

"randomness means that, if you pick one CFToken from an extremely large list of CFTokens generated by ColdFusion, the probability of there being another one identical to it is negligible."

Now, I notice that you did not do this. And, I suspect, you would not be inclined to say that you can, in fact, do this. That is because the two words mean different things, even in the context in which you used them.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

I see no development or new idea beyond my own, so I'll end here.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 26, 2012 Feb 26, 2012

Copy link to clipboard

Copied

Your "new idea" seems to be that you can define words however you like, as Humpty-Dumpty would. So perhaps it's best you end here.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation