From: | Steve Atkins <steve(at)blighty(dot)com> |
---|---|
To: | PostgreSQL Performance <pgsql-performance(at)postgresql(dot)org> |
Subject: | Re: Using PK value as a String |
Date: | 2008-08-12 15:36:10 |
Message-ID: | 233F1248-E3EA-4572-9310-4E4BC13995DE@blighty.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-performance |
On Aug 12, 2008, at 8:21 AM, Bill Moran wrote:
> In response to Moritz Onken <onken(at)houseofdesign(dot)de>:
>
>>
>> Am 12.08.2008 um 17:04 schrieb Bill Moran:
>>
>>> In response to Moritz Onken <onken(at)houseofdesign(dot)de>:
>>>
>>>> We chose UUID as PK because there is still some information in an
>>>> integer key.
>>>> You can see if a user has registered before someone else
>>>> (user1.id <
>>>> user2.id)
>>>> or you can see how many new users registered in a specific period
>>>> of
>>>> time
>>>> (compare the id of the newest user to the id a week ago). This is
>>>> information
>>>> which is in some cases critical.
>>>
>>> So you're accidentally storing critical information in magic values
>>> instead of storing it explicitly?
>>>
>>> Good luck with that.
>>
>> How do I store critical information? I was just saying that it easy
>> to get some information out of a primary key which is an incrementing
>> integer. And it makes sense, in some rare cases, to have a PK which
>> is some kind of random like UUIDs where you cannot guess the next
>> value.
>
> I just repeated your words. Read above "this is information which
> is in
> some cases critical."
>
> If I misunderstood, then I misunderstood.
>
I think Moritz is more concerned about leakage of critical information,
rather than intentional storage of it. When a simple incrementing
integer
is used as an identifier in publicly visible places (webapps, ticketing
systems) then that may leak more information than intended.
Cheers,
Steve
From | Date | Subject | |
---|---|---|---|
Next Message | Bill Moran | 2008-08-12 15:48:40 | Re: Using PK value as a String |
Previous Message | Moritz Onken | 2008-08-12 15:24:50 | Re: Using PK value as a String |