In some Oracle ATG Web Commerce applications, you might want to generate IDs that, for security purposes, cannot be easily guessed. For example, ATG Commerce generates IDs for a gift certificates. The ObfuscatedSQLIdGenerator
obfuscates the generated IDs in two ways. First, for a given batch of reserved IDs, it gives out only a few IDs. Second, IDs can be optionally hex encoded when being used as String IDs. Both the String and long IDs generated use a pseudo-random number generator to get a long ID from the current batch of IDs. In addition to not giving out the same ID twice, this implementation is not given out adjacent long IDs (or String IDs that come from adjacent long IDs).
The IdSpace
properties batchSize
and idsPerBatch
are used in conjunction. The batchSize
property works as in the SQLIdGenerator
. The idsPerBatch
property is the maximum number of IDs that are given out in any given batch.
It is strongly recommended that idsPerBatch
be less than 1 percent of the batchSize
. This is both for security and performance. For security, a sparse—that is, less dense—ID space makes it harder to guess IDs. Because this implementation does not give out adjacent IDs, it might be forced to do more work to find suitable IDs if the ID space is too dense. This implementation does not allow an ID space to be added that is denser than 10 percent. That is, idsPerBatch
divided by batchSize
must be less than 0.1
. Always set these two properties together to maintain the 1 percent density goal.
The recommended values for batchSize
and idsPerBatch
are 100000
and 997
, respectively. These numbers are not magic: 100000
is the default batch size, while 997
is a prime number that is slightly less than 1 percent of the batch size.