Questions
Is it possible for a Javascript client create a UUID that cannot be faked?
http://stackoverflow.com/questions/105034/how-to-create-a-guid-uuid-in-javascript
http://stackoverflow.com/questions/105034/how-to-create-a-guid-uuid-in-javascript
One idea is to use a checksum, but the UUID generation and checksum code would be visible to a "hacker". They could simply modify the Javascript function and then add the checksum.
So, are there any good solutions to this problem?
Answers
You shouldn t care about who created the UUID. The server should only check if the UUID sent by the client respects the UUID format and perhaps check if somehow the same UUID was used already (this depends on your needs).
That is unless your UUID value is used as a secret (e.g. an activation number). In this case, the value shouldn t be generated client-side and the server should keep track of the values it generated.
Source
License : cc by-sa 3.0
http://stackoverflow.com/questions/26047892/how-to-have-a-javascript-client-create-a-secure-uuid
Related