The T-SQL RAND function is documented to continue the sequence from the original seed value for the same database connection.
For example, if you open a new window in SSMS and run

    select rand(7),rand(),rand()

and then in a separate query (but the same window and therefore the same connection) run

    select rand(),rand(),rand()

take note of all six values. Repeat the two calls in the same order to see that the exact same values are generated, proving that the original seed value of 7 determines the latter 3 random results, even though they're run as a separate statement, because they're run on the same connection.
I was wondering if this could impact seemingly separate calls in the .NET framework because of connection pooling. For example, if 3 mobile device users all made a server call in quick succession to pick a random number, and .NET used the same connection for all three, and the users were able to identify the whole sequence from those 3 numbers (being familiar with the implementation of rand), then could they predict additional numbers that may subsequently be generated for other users in different regions because of how RAND is tied to the connection? Or does .NET reset the connection between calls in some way that actually resets the RAND seed when one is not specified?
(I don't use RAND, I use crypt_gen_random, so this is a purely academic question).
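
One way to check the pooling question empirically, as an added example that is not part of the original post: it compares the value an unseeded rand() returns after a pooled Open/Close with the continuation seen on a single open connection. The connection string and the class and method names are assumptions; it needs the Microsoft.Data.SqlClient package and a disposable test SQL Server instance.

```csharp
using System;
using Microsoft.Data.SqlClient;

class RandPoolingCheck
{
    // Assumption: placeholder connection string for a disposable test instance.
    // Max Pool Size=1 forces every Open() to reuse the same physical connection.
    const string ConnStr =
        "Server=localhost;Database=tempdb;Integrated Security=true;" +
        "TrustServerCertificate=true;Pooling=true;Max Pool Size=1";

    // Runs one query returning (@@spid, rand value) on an already open connection.
    static (short Spid, double Value) Run(SqlConnection conn, string sql)
    {
        using var cmd = new SqlCommand(sql, conn);
        using var reader = cmd.ExecuteReader();
        reader.Read();
        return (reader.GetInt16(0), reader.GetDouble(1));
    }

    // Opens a pooled connection for a single query, then hands it back to the pool.
    static (short Spid, double Value) RunPooled(string sql)
    {
        using var conn = new SqlConnection(ConnStr);
        conn.Open();
        return Run(conn, sql);
    }

    static void Main()
    {
        const string seeded = "select @@spid, rand(7)";
        const string unseeded = "select @@spid, rand()";

        // Baseline: both statements on one open connection, as in the SSMS test.
        double expected;
        using (var conn = new SqlConnection(ConnStr))
        {
            conn.Open();
            Run(conn, seeded);
            expected = Run(conn, unseeded).Value;
        }

        // Pooled: each statement gets its own Open/Close, like separate requests.
        var first = RunPooled(seeded);
        var second = RunPooled(unseeded);
        Console.WriteLine($"same session reused: {first.Spid == second.Spid}");
        Console.WriteLine($"rand() continued the seeded sequence: {second.Value == expected}");
    }
}
```

If the second line prints True while the first is also True, the seed set by one request carried over to the next request on the pooled connection.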