1

I'm implementing an iPhone application that syncs data with an AppEngine backend. I'm using this method to implement the syncing:

How to Sync iPhone Core Data with web server, and then push to other devices?

To be able to create objects offline on the phone I've decided to use GUID as primary key in the iPhone app. And when I receive new objects from the server they must then relate to each other with GUID, for example object A reference object B by having a GUID reference. To make it easier to create the json data for each object (A) that references another object (B) with ReferenceProperty, I'm thinking about having the GUID as key name so I can get the GUID from the ReferenceProperty/Key without having to fetch the referenced object (B) each time I want to serialize object (A).

Is using a GUID as key name on all objects a good way to solve this?

Community
  • 1
  • 1
thejaz
  • 2,763
  • 2
  • 26
  • 40
  • Be careful that a malicious user couldn't deliberately generate a duplicate UUID to someone else, and overwrite or read another user's data. – Nick Johnson Aug 18 '11 at 03:19
  • Thanks for the tip. But isn't this a a general problem whatever type of ID an application uses? And with UUID, the risk decreases to almost zero because it's very hard to guess an UUID? – thejaz Aug 18 '11 at 07:29
  • The difference is that in this case the attacker gets to choose the ID, when usually they don't. UUIDs can be hard to guess, but that's not a guaranteed property of them, and you should never rely on how hard your identifier is to guess for security - always validate their credentials! – Nick Johnson Aug 18 '11 at 10:54

1 Answers1

1

Yes, if you want to eager assign a random, unique ID, GUID key names are a good fit.

Drew Sears
  • 12,812
  • 1
  • 32
  • 41
  • I don't want to, I have to...because different devices can add objects offline withouy knowing each other. Or do you mean I have a choice? And I guess GUID is a standard way of doing it, but my question is more about AppEngine design if it is appropriate to store them as key name or if anyone have another idea how to solve it? – thejaz Aug 17 '11 at 13:03
  • Heh, sorry if I was unclear. Yes, I think GUID key names are the best solution for your requirements, and it's a completely appropriate design for App Engine. – Drew Sears Aug 17 '11 at 15:15
  • 1
    @DrewSears, GUIDs take up a lot more space than auto-generated numerical IDs – Price Jul 21 '15 at 01:58