Re: Sequence vs UUID

From: Erik Wienhold <ewie(at)ewie(dot)name>
To: Ron <ronljohnsonjr(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Sequence vs UUID
Date: 2023-01-28 20:39:31
Message-ID: 1015127885.422245.1674938371999@office.mailbox.org
Lists: pgsql-general

> On 27/01/2023 01:48 CET Ron <ronljohnsonjr(at)gmail(dot)com> wrote:
>
> On 1/26/23 15:55, Erik Wienhold wrote:
> >
> > There are arguments against sequential PK, e.g. they give away too much info and
> > allow attacks such as forced browsing[2]. The first I can understand: you may
> > not want to reveal the number of users or customers. But access control should
> > prevent forced browsing.
>
> Shouldn't your application layer isolate the users from the database?  UUIDs
> are all over the DBs I manage, but the PKs are all sequences.

Yes, I meant the application layer, not Postgres' access control.

--
Erik
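
The point made in this message, as an added example that is not part of the original thread: with a sequential PK, forced browsing is stopped by an ownership check in the application layer. The `invoice` table, the function names and the sample rows are hypothetical, and SQLite stands in for Postgres so the block runs offline.

```python
import sqlite3


def make_db():
    # Constructed sample data; SQLite is an assumption standing in for Postgres.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoice ("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, "  # sequential PK: 1, 2, 3, ...
        "owner TEXT NOT NULL, total INTEGER NOT NULL)"
    )
    db.executemany(
        "INSERT INTO invoice (owner, total) VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("alice", 40), ("carol", 300)],
    )
    return db


def get_invoice_unscoped(db, invoice_id):
    # Handler that trusts the id from the request: every existing row is readable.
    return db.execute(
        "SELECT id, owner, total FROM invoice WHERE id = ?", (invoice_id,)
    ).fetchone()


def get_invoice(db, session_user, invoice_id):
    # Ownership is part of the lookup. session_user must come from the
    # authenticated session, never from a request parameter. A foreign row and
    # a missing row both yield None, so the response does not reveal which
    # ids exist.
    return db.execute(
        "SELECT id, owner, total FROM invoice WHERE id = ? AND owner = ?",
        (invoice_id, session_user),
    ).fetchone()


def visible_ids(fetch, id_range):
    # Which ids in a consecutive range return a row through the given handler.
    return [i for i in id_range if fetch(i) is not None]


if __name__ == "__main__":
    db = make_db()
    ids = range(1, 6)
    print("unscoped:", visible_ids(lambda i: get_invoice_unscoped(db, i), ids))
    print("alice   :", visible_ids(lambda i: get_invoice(db, "alice", i), ids))
```
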
