Bill Moran wrote:
In response to Steve Atkins <[EMAIL PROTECTED]>:
On Aug 12, 2008, at 8:21 AM, Bill Moran wrote:
In response to Moritz Onken <[EMAIL PROTECTED]>:
Am 12.08.2008 um 17:04 schrieb Bill Moran:
In response to Moritz Onken <[EMAIL PROTECTED]>:
We chose UUID as PK because there is still some information in an
integer key.
You can see if a user has registered before someone else
(user1.id <
user2.id)
or you can see how many new users registered in a specific period
of
time
(compare the id of the newest user to the id a week ago). This is
information
which is in some cases critical.
So you're accidentally storing critical information in magic values
instead of storing it explicitly?
Good luck with that.
How do I store critical information? I was just saying that it easy
to get some information out of a primary key which is an incrementing
integer. And it makes sense, in some rare cases, to have a PK which
is some kind of random like UUIDs where you cannot guess the next
value.
Interesting. Ordered chronologically and the next value is unguessable.
I just repeated your words. Read above "this is information which
is in
some cases critical."
If I misunderstood, then I misunderstood.
I think Moritz is more concerned about leakage of critical information,
rather than intentional storage of it. When a simple incrementing
integer
is used as an identifier in publicly visible places (webapps, ticketing
systems) then that may leak more information than intended.
I think there are better ways to accomplish this than encoding and
decoding/decrypting a PK. Store the sensitive data in a session variable
or store session data in the database neither of which is accessible to
users.
It is usually a big mistake to de-normalize a table by encoding several
fields in a single column PK or not. If you want to do something with
the encoded data such as find one or more rows with an encoded value
then you will have to inspect every row and decode it and then compare
it or add it or whatever.
Then I did misunderstand.
--
H. Hall
ReedyRiver Group LLC
http://www.reedyriver.com
--
Sent via pgsql-performance mailing list (pgsql-performance@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
