kookmin-sw / capstone-2023-40

A simple authentication-based web survey service

[P0] ERD setup #10

Closed SeiwonPark closed 1 year ago

SeiwonPark commented 1 year ago

Needs to set ERD schema (whatever name is fine but singular).

SeiwonPark commented 1 year ago

WIP. https://www.erdcloud.com/d/sWJcvFH2AjWXAa42u

SeiwonPark commented 1 year ago

For PK, id numbers vs guids. Which suits better?

Related concerns:

SeiwonPark commented 1 year ago

https://discourse.codinghorror.com/t/primary-keys-ids-versus-guids/597

kimjinmyeong commented 1 year ago

Thank you for sharing the link to refer to.

This is what I thought after reading the comments:

It seems more appropriate to pk with numbers.

I think the best time to use GUID is to run multiple distributed servers or DB.

However, we don't use distributed systems, and I'm not sure if there will be a lot of duplication of id values between tables, but I think it's rare.

It also has the advantage of better numbers to manage and better performance.

From a security perspective, GUID provides stronger security, but since it is impossible to use our service without authentication, I don't think it's a consideration.

Please tell me if there are any other opinions or errors in my thoughts. Thank you!

On Sun, Mar 5, 2023 at 3:48 PM, SeiwonPark @.***> wrote:

https://discourse.codinghorror.com/t/primary-keys-ids-versus-guids/597


SeiwonPark commented 1 year ago

From a security perspective, GUID provides stronger security, but since it is impossible to use our service without authentication, I don't think it's a consideration.

Regarding authentication

I agree with your thought using integer for PK, but could you explain this more in detail? If you meant there's a kind of relationship between GUID and Authentication, please share your thoughts!

Regarding uuid

One thing I've been considering is user's info shouldn't be accessed with predictable urls. So I suggested modifying route /mypage/:id to just /mypage with session data.

Security comes in a lot of different ways. But is it related to authentication? What if guest user has accessed our main landing page, and then route to /mypage/${userA's guid}? I don't think it's guaranteed whether the guest is authenticated or not. And the case userA routes to userB's mypage.

kimjinmyeong commented 1 year ago

The problem with numbers is that it is predictable.

If survey_id is 11111, I thought it was a kind of security issue in that I could enter by accessing /survey/111111. However, our platform is impossible to survey without logging in and accessible without authentication (ex: kakao, naver...) by survey.

But if authentication doesn't guarantee certain url access, I think I was mistaken.

As you said, if server prevents access to information with predictable URLs, this problem will be solved.

And that's why I thought I didn't have to use a guid with unpredictable advantages.

On Sun, Mar 5, 2023 at 17:32 SeiwonPark @.***> wrote:

From a security perspective, GUID provides stronger security, but since it is impossible to use our service without authentication, I don't think it's a consideration.

I agree with your thought using integer for PK, but could you explain this more in detail? If you meant there's a kind of relationship between GUID and Authentication, please share your thoughts!

one thing I've been considering is user's info shouldn't be accessed with predictable urls. So I suggested modifying route /mypage/:id to just /mypage with session data.

Security comes in a lot of different ways. But is it related to authentication? What if guest user is logged in, and then route to /mypage/${userA's guid}? I don't think it's guaranteed whether the guest is authenticated or not.


SeiwonPark commented 1 year ago

Thank you for the explanation! Yeah as clients who access to random routes could be filtered by

additional steps to prevent access isn't necessary but rather result in low performance. Good! Thank you again!

kimjinmyeong commented 1 year ago

Thank you for the explanation too!
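
The difference this thread circles around, between being logged in and being allowed to read one specific record, shown as an added example that is not part of the original thread or the project's code. It is framework-free JavaScript; the function names, the `{ userId }` session shape, the `/survey/:id/edit` route and all sample records are assumptions constructed for illustration.

```javascript
// Constructed sample data: sequential integer primary keys, as the thread settles on.
const users = new Map([
  [1, { id: 1, name: "userA", email: "a@example.test" }],
  [2, { id: 2, name: "userB", email: "b@example.test" }],
]);
const surveys = new Map([
  [11111, { id: 11111, authorId: 1, title: "A's draft survey" }],
  [11112, { id: 11112, authorId: 2, title: "B's draft survey" }],
]);

// Weak form of /mypage/:id: being logged in is the only check, and the id in the
// URL is trusted, so any authenticated user can read any other user's page.
function myPageByUrlId(session, urlId) {
  if (!session || !session.userId) return { status: 401 };
  const user = users.get(Number(urlId));
  return user ? { status: 200, body: user } : { status: 404 };
}

// Hardened form, /mypage: no id in the URL; the subject comes from the
// server-side session, so there is nothing for the client to guess or change.
function myPage(session) {
  if (!session || !session.userId) return { status: 401 };
  const user = users.get(session.userId);
  return user ? { status: 200, body: user } : { status: 404 };
}

// A route that must carry an id (hypothetical /survey/:id/edit) checks ownership
// per object. "Missing" and "not yours" both return 404, so the responses do not
// reveal which sequential ids exist.
function editSurvey(session, urlId) {
  if (!session || !session.userId) return { status: 401 };
  const id = Number(urlId);
  if (!Number.isSafeInteger(id)) return { status: 400 };
  const survey = surveys.get(id);
  if (!survey || survey.authorId !== session.userId) return { status: 404 };
  return { status: 200, body: survey };
}
```

With the per-object check in place, integer keys and GUIDs give the same result for a request from the wrong user; an unpredictable id only changes how easily a valid id can be guessed, not whether the server authorizes the read.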