On Tue, 18 Mar 2008 13:40:42 -0500
"Campbell, Lance" <[EMAIL PROTECTED]> wrote:
> Why use a random number as a primary key? Security via obscurity.

Something with very short shelf life but...

> I build web applications for a living. In most of my applications it is
> preferable to use a random primary key. Why?

I understand why you might need a random field. My question is, why
does it have to be the primary key? I'm also not sure why it has to be
unique. You can always base the URL on both the primary key and the
security field. Now you don't need to worry about collisions. In
addition the serial number can be a public reference to the record.

Off-topic but related, funny story, I was once in charge of a medium
sized ISP and some suit came to me and suggested that for extra
security we should not let users pick passwords that already existed in
the system. My response was "So the error message should be that
someone in the system already has the password that you tried to use?"

--
D'Arcy J.M. Cain <[EMAIL PROTECTED]>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
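The layout suggested in the reply above (serial primary key plus a non-unique random security field, both carried in the URL), as an added example that is not part of the original message. It uses an in-memory SQLite database in place of PostgreSQL so it runs stand-alone; the table, column, function names and URL layout are all hypothetical.

```python
import hmac
import secrets
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    # id: serial primary key, usable as the public reference to the record.
    # token: random security field; deliberately NOT unique, because a lookup
    # always goes through id first, so equal tokens on two rows are harmless.
    db.execute("CREATE TABLE record (id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "token TEXT NOT NULL, body TEXT NOT NULL)")
    return db


def create_record(db, body, token=None):
    # 16 random bytes (128 bits) from the OS CSPRNG unless a token is supplied.
    token = token or secrets.token_urlsafe(16)
    cur = db.execute("INSERT INTO record (token, body) VALUES (?, ?)",
                     (token, body))
    db.commit()
    return cur.lastrowid, token


def record_url(rec_id, token):
    return f"/record/{rec_id}/{token}"  # hypothetical URL layout


def fetch(db, url):
    """Return the record body only if the URL carries the right id AND token."""
    parts = url.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "record":
        return None
    rid, tok = parts[1], parts[2]
    # Reject anything that is not a plain ASCII integer that fits in 64 bits.
    if not (rid.isascii() and rid.isdigit() and len(rid) <= 18):
        return None
    row = db.execute("SELECT token, body FROM record WHERE id = ?",
                     (int(rid),)).fetchone()
    if row is None:
        return None
    # Constant-time comparison so response timing does not leak token prefixes.
    if not hmac.compare_digest(row[0].encode(), tok.encode()):
        return None
    return row[1]
```

Walking the serial ids without the matching token returns nothing, and a missing record is indistinguishable from a wrong token, so the serial number can be public while the token alone gates access.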