Comments (2)
silesky
commented on August 16, 2024
1
@andrewloyola Thanks. This a good find. That's a big no-no.
Background: because of requirements around browser support, the simple uuid is not safe -- which is why hashing was added to begin with.
I think we're interested in ripping the band-aid off and removing the md5 dependency, and just doing:
https://github.com/segmentio/analytics-next/blob/master/packages/node/src/lib/get-message-id.ts
(Appending the current epoch date should add safety. Our thinking is that the odds that any given hash collision would happen at the same time, down to the ms, is much less (We haven't had any complaints yet on node)).
from analytics-next.
andrewloyola
commented on August 16, 2024
ah yes that makes sense, and glad there is already a pattern to do so. The epoch date solution should cover the cases we've seen at least. +1 support on band-aid ripping.
from analytics-next.
Related Issues (20)
- Rare Context2 in Nuxt 3 HOT 1
- Can not install library without node overrides HOT 5
- Consent module pollutes logs when using OneTrust's "Consent Rate Optimization" feature. HOT 1
- Can `.load()` support a symmetric key to not expose real write key? HOT 1
- analytics-node does not close HTTPS connection on closeAndFlush HOT 2
- Snippet version 5.2.0 loads analytics.min.js and analytics.classic.js at the same time HOT 1
- How to Set a Whitelist of Domains for a Segment JavaScript source WriteKey to Prevent Misuse? HOT 1
- Typescript issue on consent object of CoreExtraContext type HOT 1
- Analytics not flushed in Node >= 18 HOT 1
- Safari's Enhanced Tracking Protection Leads to Unhandled Promise Rejection HOT 11
- @segment/analytics-consent-wrapper-onetrust README code sandbox link looks incorrect HOT 1
- npm install fails for Node 18.XX and Node 20.XX HOT 1
- Cannot install package via NPM HOT 7
- Could not resolve "./lib/window-analytics-helper" when building with vite HOT 1
- Setting a low `flushInterval` effectively breaks `closeAndFlush()` HOT 2
- analytics.user function should be listed as optionally undefined in typescript definitions
- Serve polyfill bundle from segment.com domain (for snippet/standalone users) HOT 6
- How to write an enrichment plugin that fires after a remote integration? HOT 4
- Serve polyfill bundle from segment.com domain (for snippet/standalone users) enhancement [test]
- Test
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from analytics-next.