Create a new account
Stuff with the Perl Foundation. A couple of patches in the Perl core. A few CPAN modules. That about sums it up.
I've just requested that this be the first line of every new specification we prepare:
Internal database IDs should never be externally visible.
If a customer wants an "ID", I'll be happy to make them one.
Sorry, I was unclear. The id is typically in the URL or in a hidden field and that's fine, but it shouldn't be showing up in a table. It's not information that the user needs or can do anything with, but it can be tiring telling the user that it really doesn't mean anything and "no, you can't change it".
I worked on a system where the client was paranoid that people were able to see database IDs in hidden fields and change them. I wrote an extra layer that used 8 character random strings as IDs and it was a huge PITA.
I think that we might be using GUIDs for objects in Bricolage 2.0, probably using Data::UUID [cpan.org]. It will fascilitate syncing independent Bricolage servers. Of course, database sequence IDs will still be used for primary keys.
Reply to This
I would generalize that in a different way: no system-generated unique identifier should ever be interpreted as to its content. In other words, those columns should be used for joins to other tables and nothing else. For example, if you ever find yourself writing "order by" on that column, you're setting yourself up for trouble. As a test, if you're using any kind of SUID, I should be able to substitute 1, -47, or 240981 for any of the values consistently, and no program or user should be any the wiser.
Get More Comments