For userIds, I generate a unique id from their email address. If they later change the email address, they keep the id anyway. I really like natural keys.
Of course, if you want to use that id in URLs, it would be good to use a second unique id that is not used as a foreign key, so that people can change their "url-id" if needed. On 11/30/17, Simon Slavin <slav...@bigfraud.org> wrote: > > > On 30 Nov 2017, at 3:52pm, Stephen Chrzanowski <pontia...@gmail.com> wrote: > >> As one of the security guys here at work say, "Security does not help >> convenience". In the debug world, yeah, I agree, looking for 4310 is much >> easier than 8af7* but, that should stick to a debug environment. > > From the user/password system on in, almost all the code I write exists to > stop people from doing things. I’m serious. I’d estimate about 70% > authentication, cross-site scripting checks and log files, and 20% > user-interface and 10% report/display. > > By the way, using sequence numbers to deduce data was understood a hundred > year ago (okay, 1920). Adolf Hitler was the 55th member of the Nazi party > but his membership number was 555 to make the party look bigger. And > pictures of British ship engine rooms and tank engines were not allowed to > show engine serial numbers until after WW2 ended. > > Simon. > _______________________________________________ > sqlite-users mailing list > firstname.lastname@example.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list email@example.com http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users