You're mixing two different things here. One is database identifier the other is role based security and general security.
If you need to protect image from access, security by obscurity is not the answer. So the fact they can guess the ID's is not the problem, it's your security mechanism that is the issue that needs to be resolved.
How to implement them? UUIDs can be generated. There's a very minuscule chance of collision, also dependent on the implementation you use. So that would be a first to research, a good library for v4 UUID's
Software engineer with over 10 years experience in different technology stacks, architecting, developing, CI/CD and leading teams. Currently working with Java, Node.JS and Serverless
I understand the difference between security and DB IDs, but again, would you agree with me on the statement that it's easier to uncover the security issue with auto-incremented IDs?
I know how to generate UUIDs but again, the question was about other mechanisms to generate text IDs than UUIDs.
Anyway, I got the answer from others in the comments so thanks for your time spent on helping me.
No, auto incremented IDs or not does not have any bearing on security whatsoever. As I've already mentioned, obscurity does not equal security. Just because you choose a random identifier does not make it suddenly more secure.
Your statement would only be correct if it is indeed obscurity that was the only mechanism of protection.
I would say if there's a business need for certain identifier to exist, that should be the primary reason next to any technical requirement that may arise due to sharding/distributed data storage.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You're mixing two different things here. One is database identifier the other is role based security and general security.
If you need to protect image from access, security by obscurity is not the answer. So the fact they can guess the ID's is not the problem, it's your security mechanism that is the issue that needs to be resolved.
How to implement them? UUIDs can be generated. There's a very minuscule chance of collision, also dependent on the implementation you use. So that would be a first to research, a good library for v4 UUID's
I understand the difference between security and DB IDs, but again, would you agree with me on the statement that it's easier to uncover the security issue with auto-incremented IDs?
I know how to generate UUIDs but again, the question was about other mechanisms to generate text IDs than UUIDs.
Anyway, I got the answer from others in the comments so thanks for your time spent on helping me.
No, auto incremented IDs or not does not have any bearing on security whatsoever. As I've already mentioned, obscurity does not equal security. Just because you choose a random identifier does not make it suddenly more secure.
Your statement would only be correct if it is indeed obscurity that was the only mechanism of protection.
I would say if there's a business need for certain identifier to exist, that should be the primary reason next to any technical requirement that may arise due to sharding/distributed data storage.