The only security exploit I can think of is that users can view the assays performed by different users as long as they know the file's name. Since GCAT does not have the notion of uses/account, it can be hard to set up restrictions.
I suggest that we can make the uniqueID for each assay more complicated so that they would be harder to guess. Currently uniqueIDs are like 20151123-1448304987, the date followed by a timestamp. They are relatively easy to guess. If we add some random identifier after that, it will become more unlikely that users can view each other's assay results.
Another benefit for using a more complicated uniqueID is that if two users perform an assay within the same second, their files will no longer be mixed. Though this is unlikely to happen.
ybukhman
commented
8 years ago
The only security exploit I can think of is that users can view the assays performed by different users as long as they know the file's name. Since GCAT does not have the notion of uses/account, it can be hard to set up restrictions.
I suggest that we can make the uniqueID for each assay more complicated so that they would be harder to guess. Currently uniqueIDs are like
20151123-1448304987, the date followed by a timestamp. They are relatively easy to guess. If we add some random identifier after that, it will become more unlikely that users can view each other's assay results.Another benefit for using a more complicated uniqueID is that if two users perform an assay within the same second, their files will no longer be mixed. Though this is unlikely to happen.