From: | Benedict Holland <benedict(dot)m(dot)holland(at)gmail(dot)com> |
---|---|
To: | Erik Wienhold <ewie(at)ewie(dot)name> |
Cc: | Ron <ronljohnsonjr(at)gmail(dot)com>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Sequence vs UUID |
Date: | 2023-01-29 01:44:20 |
Message-ID: | CAD+mzoy0tPKf5+z8KsiFcXsPLE021fTbS7m-POFX8qv-N+M2_Q@mail.gmail.com |
Lists: | pgsql-general |
Why is it a terrible idea? I have been using them for years without a
single problem. I don't rely on them for create order. Terrible seems a bit
extreme.
Thanks,
Ben
On Sat, Jan 28, 2023, 3:39 PM Erik Wienhold <ewie(at)ewie(dot)name> wrote:
> > On 27/01/2023 01:48 CET Ron <ronljohnsonjr(at)gmail(dot)com> wrote:
> >
> > On 1/26/23 15:55, Erik Wienhold wrote:
> > >
> > > There are arguments against sequential PK, e.g. they give away too much info and
> > > allow attacks such as forced browsing[2]. The first I can understand: you may
> > > not want to reveal the number of users or customers. But access control should
> > > prevent forced browsing.
> >
> > Shouldn't your application layer isolate the users from the database? UUIDs
> > are all over the DBs I manage, but the PKs are all sequences.
>
> Yes, I meant the application layer, not Postgres' access control.
>
> --
> Erik
>
>
>