Welcome to our inclusive community of web designers, developers and makers.
Creating an account takes less than 30 seconds, start participating right away!
Create account

Solved Using incremental IDs or UUIDs?

tom

Creator of StickerRun®
Gold Member
Community Team
Joined
Oct 13, 2019
Messages
162
Reaction score
148
Points
235
Location
Bregenz - Austria
Local Time
Today, 20:40
Website
www.stickerrun.com
Hello everybody!

I need your help for this question: Should I use UUIDs right away for internal relations and POST parameters sent from and returned to the frontend or should I stay with incremental IDs?
I know the whole passing incremental IDs is bad but I'm not sure if I should do all the work to switch from incremental IDs (which is out of the box) to UUIDs.

I'm looking forward to your answers.

Thank you very much and have a blessed day!
 

Gummibeer

Well-known member
Joined
Oct 5, 2019
Messages
546
Reaction score
424
Points
605
Age
26
Location
Hamburg, Germany
Local Time
Today, 20:40
Website
gummibeer.de
Incremental IDs. If you want to prevent the simple URL/parameter manipulation by incrementing I would use a "token/uuid" field as a second unique column.
Because I know you use Laravel you can use this:
PHP:
Route::model('shooting', Shooting::class, function ($token) {
    return Shooting::byToken($token)->firstOrFail();
});
Route::pattern('shooting', '[a-z0-9]+');
In your RouteServiceProvider or customize the route model resolving by any other method Routing - Laravel - The PHP Framework For Web Artisans

But I would never go for UUIDs in a relation DB as PK.
 
  • Hot
Reactions: tom

frood

Member
Joined
Oct 13, 2019
Messages
19
Reaction score
13
Points
5
In my mind, you shouldn't be able to get access to any information that you're not supposed to get by guessing either incremental ID or UUIID. So I think using incremental ID keeps you on your toes: instead of just assuming nobody will guess an UUID, you simply start with the case of it being known, and then make that secure.

I'm no expert, but this has been my reasoning so far. Like Gummibeer said, if I needed something else, I'd probably add another column. Like users might have a simple increment int ID internally, but an UUID publically.
 
  • Like
Reactions: Gummibeer