0

Is it possible for a Javascript client create a UUID that cannot be faked?

For example, suppose one of the solutions from Create GUID / UUID in JavaScript? were used to generate a UUID and send a create request with UUID to the server. Is it possible for the server to check that the UUID was indeed created by the Javascript function and not by some other function?

One idea is to use a checksum, but the UUID generation and checksum code would be visible to a "hacker". They could simply modify the Javascript function and then add the checksum.

So, are there any good solutions to this problem?

Community
  • 1
  • 1
B Seven
  • 44,484
  • 66
  • 240
  • 385
  • Sounds like an X:Y problem. Why do you care if the UUID was created by the Javascript function, and what happens if it isn't? –  Sep 25 '14 at 20:53
  • I'm not sure...it just seems weird that the random UUID is generated in Javascript, but a hacker could submit their own UUID. It seems like if the client is going to generate it, then the server needs a way to validate that it was generated correctly. – B Seven Sep 25 '14 at 20:56
  • It's just an identifier and has no special powers or privileges so why worry? –  Sep 25 '14 at 21:00

2 Answers2

1

You shouldn't care about who created the UUID. The server should only check if the UUID sent by the client respects the UUID format and perhaps check if somehow the same UUID was used already (this depends on your needs).

That is unless your UUID value is used as a secret (e.g. an activation number). In this case, the value shouldn't be generated client-side and the server should keep track of the values it generated.

plalx
  • 42,889
  • 6
  • 74
  • 90
0

You can do some basic sanity checks like length or format, but what you are actually asking is "Given a number can I check that it was generated by a particular random number generator?". If the random number generator is truly random then the answer has to be "no", since if I can back-track from the answer to the function that easily then it's not very random.

Adam
  • 6,539
  • 3
  • 39
  • 65