| From: | Vivek Khera <vivek(at)khera(dot)org> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Create on insert a unique random number |
| Date: | 2008-03-18 19:12:41 |
| Message-ID: | 87444A52-4950-4A16-96FB-524BE22EF54C@khera.org |
| Lists: | pgsql-sql |

On Mar 18, 2008, at 2:40 PM, Campbell, Lance wrote:
> Why use a random number as a primary key? Security via obscurity.
>
> I build web applications for a living. In most of my applications it is
> preferable to use a random primary key. Why?

Don't expose the actual ID to the end user; only expose a reversible
encrypted form of it. We use a relatively simple hash + check
character. If you have several examples of it, you can reverse
engineer it, but the casual "hacker" is easily thwarted.

You can use stronger encryption on the number when exposed to end
users if you need. You're making your DB overly complex.
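
One way to build the "reversible encrypted form plus check character" described in the message above, as an added example that is not part of the original post and not the poster's actual scheme. It assumes 32-bit integer IDs, an application-side secret key, and an HMAC-SHA256 Feistel permutation; all names and the key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice load it from a secret store.
KEY = b"constructed-demo-key"
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # Crockford base32, no I/L/O/U
ROUNDS = 4

def _prf(key, label, data):
    """Keyed hash (HMAC-SHA256) used for both the cipher rounds and the check."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _feistel(key, value, rounds):
    """Keyed permutation of a 32-bit integer; reversed round order inverts it."""
    left, right = value >> 16, value & 0xFFFF
    for r in rounds:
        f = int.from_bytes(_prf(key, bytes([r]), right.to_bytes(2, "big"))[:2], "big")
        left, right = right, left ^ f
    return (right << 16) | left  # final swap makes decryption the same loop

def _check_char(key, body):
    return ALPHABET[_prf(key, b"chk", body.encode())[0] & 31]

def encode_id(row_id, key=KEY):
    """Map a sequential 32-bit row ID to an 8-character public token."""
    if not 0 <= row_id < 1 << 32:
        raise ValueError("row_id must fit in 32 bits")
    c = _feistel(key, row_id, range(ROUNDS))
    body = "".join(ALPHABET[(c >> s) & 31] for s in range(30, -1, -5))
    return body + _check_char(key, body)

def decode_id(token, key=KEY):
    """Return the row ID, or None if the token is malformed or fails its check."""
    token = token.upper()
    if len(token) != 8 or any(ch not in ALPHABET for ch in token):
        return None
    body, check = token[:7], token[7]
    if not hmac.compare_digest(check, _check_char(key, body)):
        return None  # reject before touching the database
    c = 0
    for ch in body:
        c = (c << 5) | ALPHABET.index(ch)
    if c >> 32:
        return None
    return _feistel(key, c, reversed(range(ROUNDS)))
```

The table keeps its ordinary sequential primary key; only `encode_id(id)` appears in URLs and forms. A single check character rejects 31 of 32 random guesses, so it filters typos and casual tampering, and access control on the decoded ID is still enforced server-side.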