undefined | Better HN

0 pointsveec_cas_tant2y ago0 comments

What value does the checksum provide? I think I'm missing something because I really don't see a benefit.

0 comments

The benefit is that you can reject bad requests to an API more easily.

For one application I used a base 58 encoded value. Part of it was a truncated hmac, which I used like check digits. This meant I could validate IDs before hitting the DB. As an attacker or script kiddie could otherwise try a resource exhaustion attack.

So in the age of public internet faceing APIs and app urls, I think built in optional check digit support is a good idea.

veec_cas_tantOP2y ago

I struggle to see how 10 bits of check data will help much. I guess if the extra bits aren’t persisted to storage it doesn’t hurt so why not?

diroussel2y ago

Storage can get corrupted, columns can be truncated. For the applications I tend to touch correctness and the ability to detect errors and tamper are more important that a couple of bytes per row. But every application and domain is different.

bumbledraven2y ago

Checksums facilitate error detection. For typed UUIDs, checksums help detect errors introduced by changing the prefix/type or changing a “digit”.

j / k navigate · click thread line to collapse

0 comments

diroussel2y ago

The benefit is that you can reject bad requests to an API more easily.

So in the age of public internet faceing APIs and app urls, I think built in optional check digit support is a good idea.

veec_cas_tantOP2y ago

I struggle to see how 10 bits of check data will help much. I guess if the extra bits aren’t persisted to storage it doesn’t hurt so why not?

diroussel2y ago

bumbledraven2y ago

Checksums facilitate error detection. For typed UUIDs, checksums help detect errors introduced by changing the prefix/type or changing a “digit”.

j / k navigate · click thread line to collapse