Hello everybody!
I need your help for this question: Should I use UUIDs right away for internal relations and POST parameters sent from and returned to the frontend or should I stay with incremental IDs?
I know the whole passing incremental IDs is bad but I'm not sure if I should do all the work to switch from incremental IDs (which is out of the box) to UUIDs.
I'm looking forward to your answers.
Thank you very much and have a blessed day!
Incremental IDs. If you want to prevent the simple URL/parameter manipulation by incrementing I would use a "token/uuid" field as a second unique column.
Because I know you use Laravel you can use this:
Route::model('shooting', Shooting::class, function ($token) {
return Shooting::byToken($token)->firstOrFail();
});
Route::pattern('shooting', '[a-z0-9]+');But I would never go for UUIDs in a relation DB as PK.
In my mind, you shouldn't be able to get access to any information that you're not supposed to get by guessing either incremental ID or UUIID. So I think using incremental ID keeps you on your toes: instead of just assuming nobody will guess an UUID, you simply start with the case of it being known, and then make that secure.
I'm no expert, but this has been my reasoning so far. Like Gummibeer said, if I needed something else, I'd probably add another column. Like users might have a simple increment int ID internally, but an UUID publically.