Using incremental IDs or UUIDs?

[tom]

Hello everybody!

I need your help for this question: Should I use UUIDs right away for internal relations and POST parameters sent from and returned to the frontend or should I stay with incremental IDs?
I know the whole passing incremental IDs is bad but I'm not sure if I should do all the work to switch from incremental IDs (which is out of the box) to UUIDs.

I'm looking forward to your answers.

Thank you very much and have a blessed day!

 

[Gummibeer]

Incremental IDs. If you want to prevent the simple URL/parameter manipulation by incrementing I would use a "token/uuid" field as a second unique column.
Because I know you use Laravel you can use this:

Route::model('shooting', Shooting::class, function ($token) {
    return Shooting::byToken($token)->firstOrFail();
});
Route::pattern('shooting', '[a-z0-9]+');

In your RouteServiceProvider or customize the route model resolving by any other method Routing - Laravel - The PHP Framework For Web Artisans

But I would never go for UUIDs in a relation DB as PK.

 

[frood]

In my mind, you shouldn't be able to get access to any information that you're not supposed to get by guessing either incremental ID or UUIID. So I think using incremental ID keeps you on your toes: instead of just assuming nobody will guess an UUID, you simply start with the case of it being known, and then make that secure.

I'm no expert, but this has been my reasoning so far. Like Gummibeer said, if I needed something else, I'd probably add another column. Like users might have a simple increment int ID internally, but an UUID publically.

 

[tom]

Thank you very much for your input. Having an UUID column in addition to the internal incremental ID sounds like a good plan. I'll go for this.