Re: Drawbacks of using BYTEA for PK?

From: Greg Stark <gsstark(at)mit(dot)edu>
To: "D(dot) Dante Lorenso" <dante(at)lorenso(dot)com>
Cc: "Keith C(dot) Perry" <netadmin(at)vcsn(dot)com>, Greg Stark <gsstark(at)mit(dot)edu>, pgsql-general(at)postgresql(dot)org
Subject: Re: Drawbacks of using BYTEA for PK?
Date: 2004-01-13 05:24:33
Message-ID: 87r7y4qv3i.fsf@stark.xeocode.com
Lists: pgsql-general


"D. Dante Lorenso" <dante(at)lorenso(dot)com> writes:

> Maybe a better example of my problem is with records throughout the system
> like invoices, customer data, etc... If any of these items use a sequence
> and that sequence is global to the table in the database and the number is
> exposed externally, then it is possible to infer the success of the company
> underneath, is it not?

Except that's exactly the way business has always been done. Though people
usually start new accounts with check# 50000 or something like that for
precisely that reason. But it's still pretty transparent, and they don't
really worry about it too much.

What you're saying is fundamentally valid, but I tend to think these kinds of
concerns are just generically overblown.

My only comment was that just taking an MD5 of the sequence gives you no
security. At the very least you have to include a secret. Even then I suspect
there are further subtle cryptographic issues. There always are.

--
greg
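
An added illustration of the point in the message above (not part of the original email, and not code from any poster in the thread): an MD5 of a sequence value can be matched back to the number by recomputing the hash over the small integer range, while a keyed HMAC cannot be recomputed without the secret. The key, the function names and the sample invoice number are assumptions constructed for this example.

```python
import hashlib
import hmac

# Assumption: a server-side secret that never leaves the application.
SECRET_KEY = b"constructed-demo-key"


def md5_id(seq: int) -> str:
    """Unkeyed scheme from the thread: MD5 of the sequence value."""
    return hashlib.md5(str(seq).encode()).hexdigest()


def keyed_id(seq: int, key: bytes = SECRET_KEY) -> str:
    """Keyed scheme: HMAC-SHA256 of the sequence value under a secret."""
    return hmac.new(key, str(seq).encode(), hashlib.sha256).hexdigest()


def recover(public_id: str, derive, upper_bound: int):
    """Recompute derive(n) for n in 1..upper_bound and return the match.

    This is what any outside party can do when `derive` needs no secret:
    the sequence space is tiny, so the hash hides nothing.
    """
    for candidate in range(1, upper_bound + 1):
        if derive(candidate) == public_id:
            return candidate
    return None


def verify(seq: int, public_id: str, key: bytes = SECRET_KEY) -> bool:
    """Server-side check of a keyed id, using a constant-time comparison."""
    return hmac.compare_digest(keyed_id(seq, key), public_id)


if __name__ == "__main__":
    invoice = 50123  # constructed sample sequence value

    # Unkeyed: the sequence number falls out of a simple recomputation.
    print(recover(md5_id(invoice), md5_id, 100_000))

    # Keyed: the same recomputation with a guessed key finds nothing.
    wrong = lambda n: keyed_id(n, b"guessed-key")
    print(recover(keyed_id(invoice), wrong, 100_000))

    # The holder of the real key can still validate an id.
    print(verify(invoice, keyed_id(invoice)))
```

The keyed form only removes the recompute-and-match weakness; the identifier is still deterministic per sequence value, and key storage and rotation remain the application's problem.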
