DEV Community

Discussion on: Exposing sequential IDs is bad! Here is how to avoid it.

Collapse
pervezc profile image
Pervez Choudhury

You can use the uuid as the primary key and instead address the security and performance issues directly.

You can start to address the performance concerns by not storing the uuid as a string, and using the built on database mechanism to store them efficiently.

In some databases like SQL Server you can also avoid making them the primary key the clustered index so that inserts do. It happen randomly throughout the data when you add new rows.

To avoid people guessing the different primary keys, assume an attacker already knows the id and instead ensure you have good authorisation checks in place in your application to prevent returning data that the user is not allowed to see.

For example include a property that tells you the owner of the data and check this value matches the current logged in user account for every read.

Collapse
victorioberra profile image
Victorio Berra

In some databases like SQL Server you can also avoid making them the primary key the clustered index so that inserts do. It happen randomly throughout the data when you add new rows.

Can you elaborate on this with SQL Server please?