BryceLarkin

Reputation: 504

Why is it bad practice to have an auto-increment primary key as a URL identifier?

I've read that it's bad practice to have the following URL https://www.example.com/posts/{post_id} where post_id corresponds to the post's primary key (see below).

I don't care that users know how many posts there are and I'm handling authorization on the backend so that a user can only access their posts (so even if a bad actor knows someone's post_id, they won't have access to it). I'm using Postgres and also don't envision moving databases.

CREATE TABLE posts (
  PRIMARY KEY (post_id),
  post_id bigint GENERATED ALWAYS AS IDENTITY
);

Upvotes: 2

Views: 168

Answers (1)

Gordon Linoff

Reputation: 1269953

You seem to have taken care of the obvious difficulties, but I would still advise something less interpretable.

After all, if someone knows that "n" is valid in the URL, then they can try to get in using any value from 0 - n. Giving such hints seems like an unnecessary hint to those who have less than honorable intentions.

Upvotes: 2
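
One way to apply the "less interpretable" advice from the answer in Postgres, as an added example that is not part of the original question or answer: keep the identity column as the internal key and expose a random UUID in the URL instead. The users table and the public_id, owner_id and body columns are assumptions made for illustration.

```sql
-- Added example; every name except posts and post_id is hypothetical.
CREATE TABLE users (
  user_id bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY
);

CREATE TABLE posts (
  -- Internal key: stays sequential for joins and foreign keys, never placed in a URL.
  post_id   bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  -- Public key: random version-4 UUID, the only identifier used in /posts/{public_id}.
  -- gen_random_uuid() is built in from PostgreSQL 13; older versions need pgcrypto.
  public_id uuid   NOT NULL DEFAULT gen_random_uuid() UNIQUE,
  owner_id  bigint NOT NULL REFERENCES users (user_id),
  body      text   NOT NULL
);

-- Constructed sample data: two users, one post each.
INSERT INTO users DEFAULT VALUES;
INSERT INTO users DEFAULT VALUES;
INSERT INTO posts (owner_id, body) VALUES (1, 'first'), (2, 'second');

-- Lookup behind GET /posts/{public_id}.
--   $1 = UUID taken from the URL, $2 = id of the authenticated user.
-- The ownership check stays in the query: the random id only removes the hint
-- that neighbouring values exist, it is not the access control. An empty result
-- covers both "no such post" and "not your post", so the handler can return the
-- same 404 for either and reveal nothing about which ids are valid.
PREPARE get_post (uuid, bigint) AS
SELECT public_id, body
  FROM posts
 WHERE public_id = $1
   AND owner_id  = $2;
```

The UNIQUE constraint creates the index that the lookup uses, so fetching by public_id does not need a scan over post_id.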
