by whynotmaybe
711 days ago
The draft spec for UUID v7 has details about the security considerations: https://www.ietf.org/archive/id/draft-peabody-dispatch-new-u... The way I see it is that UUID v7 in itself is great for some uses but not for all uses. You always have to remember that a v7 always carries the ID's creation time as metadata with it, whether you want it or not.
And if you let external users get the v7, they can get that metadata. I'm not a security expert but I know enough to know that you should only give the minimal data to a user. My only guess is that v7 being so new, attacks aren't widespread for now, and I know why the author decided not to focus on "if UUID is the right format for a key", because the answer is no 99% of the time.
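To make the point above concrete, here is an added example (not part of the comment) that audits an outgoing response body for UUIDv7 values and reports the creation time each one reveals. The helper names `make_uuid7`, `leaked_creation_time` and `audit_response` are hypothetical, and the sample body is constructed; the only assumption is the v7 layout, a 48-bit Unix millisecond timestamp in the top bits.

```python
import os
import re
import uuid
from datetime import datetime, timedelta, timezone

UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b", re.I)


def make_uuid7(unix_ms: int) -> uuid.UUID:
    """Hand-built UUIDv7 (hypothetical helper, used only to create sample data)."""
    rand = int.from_bytes(os.urandom(10), "big")  # 80 random bits, 74 used
    value = (unix_ms & ((1 << 48) - 1)) << 80     # unix_ts_ms, 48 bits
    value |= 0x7 << 76                            # version nibble
    value |= (rand >> 68) << 64                   # rand_a, 12 bits
    value |= 0b10 << 62                           # variant bits
    value |= rand & ((1 << 62) - 1)               # rand_b, 62 bits
    return uuid.UUID(int=value)


def leaked_creation_time(text: str):
    """Return the UTC creation time a UUIDv7 carries, or None for other versions."""
    u = uuid.UUID(text)
    if u.variant != uuid.RFC_4122 or u.version != 7:
        return None
    ms = u.int >> 80  # the timestamp is simply the top 48 bits
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)


def audit_response(body: str) -> dict:
    """Map every UUIDv7 found in a response body to the time it discloses."""
    findings = {}
    for candidate in UUID_RE.findall(body):
        when = leaked_creation_time(candidate)
        if when is not None:
            findings[candidate.lower()] = when
    return findings


if __name__ == "__main__":
    # Constructed sample: one v7 primary key and one random v4 token.
    body = '{"order_id": "%s", "csrf": "%s"}' % (
        make_uuid7(1700000000123), uuid.uuid4())
    for ident, when in audit_response(body).items():
        print(f"{ident} discloses creation time {when.isoformat()}")
```

Only the v7 value is flagged; the v4 token carries no timestamp, which is the difference the comment is pointing at.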