Out of curiousity, what is your highest customer ID and how much does it go up each day?
4349036 in less than a month
I know i can change to long but it bothers me on a personal level
CustomerID jumps from 1 to 591 for only 8 registred users
- 388
- 2376
- 30/11/2011
- United Kingdom
I'm aware it is out of context of what is being disscussed now.
But I have implemented the following the trigger that inserts register customer's into a different system. That only calls registered customer's and Not guest customers. I have based it on the CustomerAddresess table. On the principle of a three table join. If thet have and address then it populates the forth table.
Bascally registering the customer and there address and joining through the CustomerAddresses table.
But I have implemented the following the trigger that inserts register customer's into a different system. That only calls registered customer's and Not guest customers. I have based it on the CustomerAddresess table. On the principle of a three table join. If thet have and address then it populates the forth table.
Bascally registering the customer and there address and joining through the CustomerAddresses table.
FROM Inserted ca
LEFT JOIN Customer c on c.Id = ca.Customer_id
LEFT JOIN Address ON ca.Address_id = Address.Id
- 36
- 268
- 07/07/2010
- Brazil
(google translator)
I would like to congratulate everyone for this excellent work.I know this was purposely designed, but I think this is a deficiency for one reason.
Security: I noticed that it is quite common for a guest user is added to the database. Or the whole page each request or read by a search robot. What in my opinion can generate unnecessary traffic in the database, and make the system slow, making it easy DDOS attack.
Also, some of my clients find it odd IDs rise on this scale, and has asked for several times to solve the problem.I do not know what would be the best solution, but I think it would be interesting to create an object in memory, as a section object or cache. perhaps create a guest only if he makes an action that requires a record, adding objects to cart for exemple.
thank you
I would like to congratulate everyone for this excellent work.I know this was purposely designed, but I think this is a deficiency for one reason.
Security: I noticed that it is quite common for a guest user is added to the database. Or the whole page each request or read by a search robot. What in my opinion can generate unnecessary traffic in the database, and make the system slow, making it easy DDOS attack.
Also, some of my clients find it odd IDs rise on this scale, and has asked for several times to solve the problem.I do not know what would be the best solution, but I think it would be interesting to create an object in memory, as a section object or cache. perhaps create a guest only if he makes an action that requires a record, adding objects to cart for exemple.
thank you
- 36
- 268
- 07/07/2010
- Brazil
AndyMcKenna wrote:
I think the issue here is not the IDs, if I get a program that scans your site, like the linkchecker, and create a hundred instances of it with proxies, I brake if your server is dedicated, if I put the same program on two computers, I drop your site if it is in a shared environment, it does not bothers you? note that the program cited is not intended to attack. I propose a test for you guys, download the linkchecker, which is free and run against a clean installation of nop 2.8 with sample data. you will have about 500 new guest users.
But I'm not here to complain, I will propose a solution for those who want
Why does it bother you? You've got 40 years at your current rate of 144,000 a day without changing anything. If you switched to bigint (long) you'd have 175,401,114,964 years.
It just doesn't seem like it's worth the effort to reuse IDs.
It just doesn't seem like it's worth the effort to reuse IDs.
I think the issue here is not the IDs, if I get a program that scans your site, like the linkchecker, and create a hundred instances of it with proxies, I brake if your server is dedicated, if I put the same program on two computers, I drop your site if it is in a shared environment, it does not bothers you? note that the program cited is not intended to attack. I propose a test for you guys, download the linkchecker, which is free and run against a clean installation of nop 2.8 with sample data. you will have about 500 new guest users.
But I'm not here to complain, I will propose a solution for those who want
- 36
- 268
- 07/07/2010
- Brazil
After breaking my head for a long time, I came to a solution that worked very well for me and I will share with you.is a very simple solution, and of course, you will need the source code of the application, the changes were made in the last changeset before going to MVC 4, so 2.65 +.Let's modify two methods, and create two others;First alter the already famous and infamous "GetCurrentCustomer ()"
if (_cachedCustomer != null)
return _cachedCustomer;
Customer customer = null;
if (_httpContext != null)
{
//check whether request is made by a search engine
//in this case return built-in customer record for search engines
//or comment the following two lines of code in order to disable this functionality
if (_webHelper.IsSearchEngine(_httpContext))
customer = _customerService.GetCustomerBySystemName(SystemCustomerNames.SearchEngine);
//registered user
if (customer == null || customer.Deleted || !customer.Active)
{
customer = _authenticationService.GetAuthenticatedCustomer();
}
// impersonate user if required (currently used for 'phone order' support)
if (customer != null && !customer.Deleted && customer.Active)
{
int? impersonatedCustomerId = customer.GetAttribute<int?>(SystemCustomerAttributeNames.ImpersonatedCustomerId);
if (impersonatedCustomerId.HasValue && impersonatedCustomerId.Value > 0)
{
var impersonatedCustomer = _customerService.GetCustomerById(impersonatedCustomerId.Value);
if (impersonatedCustomer != null && !impersonatedCustomer.Deleted && impersonatedCustomer.Active)
{
//set impersonated customer
_originalCustomerIfImpersonated = customer;
customer = impersonatedCustomer;
}
}
}
if (customer != null && !customer.Deleted && customer.Active)
{
_cachedCustomer = customer;
return _cachedCustomer;
}
//load guest customer
if (customer == null)
{
var customerCookie = GetCustomerCookie();
if (customerCookie != null && !String.IsNullOrEmpty(customerCookie.Value))
{
Guid customerGuid;
if (Guid.TryParse(customerCookie.Value, out customerGuid))
{
var customerByCookie = _customerService.GetCustomerByGuid(customerGuid);
if (customerByCookie != null && !customerByCookie.IsRegistered())
{
customer = customerByCookie;
_cachedCustomer = customer;
return _cachedCustomer;
}
}
}
}
}
//validation
if (customer != null && !customer.Deleted && customer.Active)
{
_cachedCustomer = customer;
return _cachedCustomer;
}
var guestSearchCustomer = _customerService.GetCustomerBySystemName(SystemCustomerNames.SearchEngine);
if (guestSearchCustomer == null)
throw new NopException("No customer found for the rule searchengine");
SetCustomerCookie(guestSearchCustomer.CustomerGuid);
_cachedCustomer = guestSearchCustomer;
return _cachedCustomer;
}