Closed tushar-compro closed 1 month ago
hey @tushar-compro
addActivity JS code. Note that if you send in foreign_id and time as stated in the best practices[1] the API will generate the same UUID for the same foreign_id+time pair.
It's true that UUID v1 can be considered unsafe in some situations, is there anything in particular you're worried about in this specific case?
[1] https://getstream.io/activity-feeds/docs/node/what_to_store/
Hi @JimmyPettersson85 ,
We are sending foreign_id and time as suggested.
It has been raised by our pen testing team as an unsafe practice. Though we understand that this particular use case does not result in any vulnerability in our system.
Can you tell which API you are talking about here? getStream's server side API? Or is some other third party API being used by getStream?
It's our server side API generating the UUID, not a third party API.
okay
Thanks for the info.
We are using addActivity API in one of our projects (private repo). The response that we are getting is as follows: { ... "id": "08a03f71-5497-11ef-a45d-0e298c33965b", ... }
The response has a property Id which is getting added from somewhere inside the addActivity API. This Id is UUID v1 which is considered comparatively unsafe. Thus, we wanted to know,
Thanks
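
What the UUID v1 concern refers to, as an added example that is not part of the original thread or of Stream's code: a version 1 UUID carries its creation time, a clock sequence and a node identifier, and this sketch decodes those fields from the id quoted in the post above. The function name `decodeUuidV1` and the returned field names are assumptions made for illustration.

```javascript
// Added example: decode the fields packed into a version 1 UUID (RFC 4122 layout).
// 100 ns ticks between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01).
const GREGORIAN_OFFSET = 0x01b21dd213814000n;

// Hypothetical helper name; not part of any Stream SDK.
function decodeUuidV1(uuid) {
  const m = /^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})$/i.exec(uuid);
  if (!m) throw new TypeError("not a canonical UUID string");
  const [, timeLow, timeMid, timeHiAndVersion, clockSeqField, node] = m;

  // The version lives in the top nibble of the third group.
  const version = parseInt(timeHiAndVersion[0], 16);
  if (version !== 1) throw new RangeError(`version ${version} UUID has no v1 fields`);
  // The RFC 4122 variant is the bit pattern 10 at the top of the fourth group.
  if (parseInt(clockSeqField, 16) >> 14 !== 0b10) {
    throw new RangeError("not an RFC 4122 variant UUID");
  }

  // 60-bit timestamp = time_hi (12 bits) | time_mid (16 bits) | time_low (32 bits).
  const ticks = BigInt("0x" + timeHiAndVersion.slice(1) + timeMid + timeLow);
  const unixMs = Number((ticks - GREGORIAN_OFFSET) / 10000n);

  const firstOctet = parseInt(node.slice(0, 2), 16);
  return {
    version,
    unixMs,
    createdAt: new Date(unixMs).toISOString(),
    clockSeq: parseInt(clockSeqField, 16) & 0x3fff,
    node: node.toLowerCase().match(/../g).join(":"),
    // RFC 4122 asks generators that use a random node id to set the multicast bit.
    nodeMulticastBit: (firstOctet & 0x01) === 1,
    nodeLocallyAdministered: (firstOctet & 0x02) !== 0,
  };
}

// The id quoted in the post above.
const decoded = decodeUuidV1("08a03f71-5497-11ef-a45d-0e298c33965b");
console.log(decoded);
```

Anyone who receives such an id can read the same fields, so the review question is whether creation time and the node value are acceptable to disclose where the id is exposed.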