You can use the uuid as the primary key and instead address the security and performance issues directly.
You can start to address the performance concerns by not storing the uuid as a string, and using the built-in database mechanism to store them efficiently.
In some databases like SQL Server you can also avoid making the primary key the clustered index so that inserts don't happen randomly throughout the data when you add new rows.
To avoid people guessing the different primary keys, assume an attacker already knows the id and instead ensure you have good authorisation checks in place in your application to prevent returning data that the user is not allowed to see.
For example, include a property that tells you the owner of the data and check this value matches the currently logged-in user account for every read.
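The owner check and the non-string uuid storage described in the comment above, as an added example that is not part of the original thread. SQLite stands in for the database, and the `documents` table, its columns and the function names are hypothetical.

```python
import sqlite3
import uuid

def make_db():
    """In-memory database; the uuid key is a 16-byte BLOB, not a 36-char string."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents ("
        " id BLOB PRIMARY KEY CHECK (length(id) = 16),"
        " owner_id INTEGER NOT NULL,"
        " body TEXT NOT NULL)"
    )
    return db

def create_document(db, owner_id, body):
    doc_id = uuid.uuid4()
    db.execute("INSERT INTO documents (id, owner_id, body) VALUES (?, ?, ?)",
               (doc_id.bytes, owner_id, body))
    return doc_id

def read_document(db, current_user_id, doc_id_text):
    """Return the body only if the row exists AND belongs to the caller.

    The owner check is part of the query, so knowing a valid id is not enough.
    Malformed ids, unknown ids and other users' ids all return None, so the
    response does not reveal which ids exist.
    """
    try:
        doc_id = uuid.UUID(doc_id_text)
    except (ValueError, AttributeError, TypeError):
        return None
    row = db.execute(
        "SELECT body FROM documents WHERE id = ? AND owner_id = ?",
        (doc_id.bytes, current_user_id),
    ).fetchone()
    return row[0] if row else None

def demo():
    db = make_db()
    alice, mallory = 1, 2  # constructed user ids
    doc_id = create_document(db, alice, "alice's notes")
    return {
        "owner": read_document(db, alice, str(doc_id)),
        "other_user_with_known_id": read_document(db, mallory, str(doc_id)),
        "unknown_id": read_document(db, alice, str(uuid.uuid4())),
        "malformed_id": read_document(db, alice, "not-a-uuid"),
    }

if __name__ == "__main__":
    print(demo())
```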
In some databases like SQL Server you can also avoid making the primary key the clustered index so that inserts don't happen randomly throughout the data when you add new rows.
Can you elaborate on this with SQL Server please?