Q : Create file GUID on server instead of client?

May 17, 2010 at 11:20 PM
Edited May 17, 2010 at 11:21 PM
Hello, First of all, I'd like to thank the authors for creating such a fantastic and highly functional open source product and for sharing it with the world. This plug-in is loaded with functionality, looks great, and has plenty of bells and whistles, and is a pure platform solution. It's also great how the download includes the Silverlight control, the .Net web control (for easily invoking the Silverlight control), and an HTTP handler (for receiving the file upload).

I found that if I add the interface IRequiresSessionState to the UploaderControlHandler class, then I can access the session and do my necessary security checks on the server side when receiving a file upload. Whereas, with some of the flash oriented file upload products, getting access to the asp.net session on the server side is more challenging and messy.

Question
I noticed that the file Guid is created from the Silverlight client context, and I wanted to see what you all think about having the Guid created by the http handler when the file(s) are uploaded. That way, the risk of a Guid name collision would be significantly reduced, no?

Thank you,
-Neo700
Coordinator
Jul 22, 2010 at 9:21 PM
Let me make sure that I'm understanding your underlying concern: You are worried that there is a potential risk that a GUID generated on the client computer to identify the uploaded file could conflict with GUIDs being generated on your server for other purposes. If that accurately describes your concern, then I think you can put your mind at ease: for all practical purposes, a GUID is guaranteed to be GLOBALLY unique. Yes, it is true that theoretically two contexts could generate the same GUID... but the chances are so small that nobody worries about it. In fact, that is the whole point of using GUIDs -- you don't have to check or worry. This scenario is actually one of the main use cases for GUIDs: I have one context (the client) that wants to generate a unique identifier that it can be confident will not exist in another context (the server). The two contexts (client and server) don't need to communicate with each other or be coupled in any way: the statistical characteristics of GUID generation practically guarantee uniqueness.
Jul 22, 2010 at 9:51 PM
Edited Jul 22, 2010 at 9:52 PM
Ok, thanks for the response. You did accurately describe my concern and if a GUID is guaranteed to be globally unique, then my concern can be put to rest.

Thank you,
-Neo700