Read on Twitter
In a dilemma atm. I need to uniquely identify rows in a DB and expose this unique identity to the client. It is a (potential) security flaw to expose auto-incremented int ids.
However, UUIDs (the alt) are strings. This means they use more space and take a longer time to match.
However, UUIDs (the alt) are strings. This means they use more space and take a longer time to match.
Which should I use? Should I expose the int ids if I think it doesn't pose a security flaw? Should I expose UUIDs instead because space is cheap?
Need ideas on how people on the TL make decisions in this kind of situation.
Need ideas on how people on the TL make decisions in this kind of situation.
Something else that is great about UUIDs is that they could save me a DB call.
First image models using UUIDs. Second image models using DB-controlled auto-incremented int ids.
First image models using UUIDs. Second image models using DB-controlled auto-incremented int ids.
The general consensus here is:
- Space is cheap, so the size of UUIDs is negligible today
- It's better to have a slow system than to have a hacked system
- Auto-incremented IDs are not good for distributed systems (yup!)
- Space is cheap, so the size of UUIDs is negligible today
- It's better to have a slow system than to have a hacked system
- Auto-incremented IDs are not good for distributed systems (yup!)
PS: Some people gave some great alternatives to consider in this thread. I hadn't heard of some before. Thank you!
