This may be in conflict with a) your framework, b) your zenlike contemplation of simplicity in data management, or c) programmers in a hurry forgetting to scope their queries properly. However it requires that all usage is tenant-bounded end-through-end throughout your application. This might work particularly for multi-tenanted SaaS. Or, remember where the UUID came from, and apply their organisational scope to any trust you place upon it. Verify with whatever simple signature scheme comes with your application server framework, or at small scale just toss them in a crude LRU store.

There are a few mitigations but my favourite is the "casino chips" approach: pregenerate them server side, and allocate to clients on demand, including en masse if need be ("here kid, have a few million UUIDs to get you started"). Applications may have potentially guessable/gameable object identifiers sloshing around inside as a consequence, which is modestly ironic given that one benefit many folks expect from adopting UUIDs in the first place is hardening up the attack surface of trivially enumerable sequences. The validity of that is already challenged by variants defining temporal or logical order, and evaporates completely if you let clients declare their own that you accept at face value. a join key designed to refer to rarely-accessed fields of a wide table).

Caveat programmer: this could be problematic, not in the sense it doesn't work, but in the sense that someone working on backend code may have a preconceived expectation that UUIDs are also effectively a keyspace i.e. That means it should be something reasonable to print, read, say, and hear and it should also follow a pattern so it can be distinguished from other special numbers.

Auto-increment is a shortcut, but usually not great in the long term unless it's something that will be well-contained inside the database as an implementation detail (e.g.
It's best to just plan for any new key to be a natural key, which means using best practices for natural keys. The number will make it out somehow (as a "record locator" in a customer support call or something), and eventually become a natural key.

When you decide that whatever natural keys already exist aren't good enough for your organization, and you make a new key, it's not good to think of that as a surrogate key. Therefore, it's a natural key, just like a name. The only meaningful distinction between a natural key and a surrogate key is whether the number ever escapes the original system.

For instance, a driver's license number is printed on the card itself, so a human sees it.