mysql自动增量是否可以安全地用作用户ID? [英] Is mysql auto increment safe to use as userID?

问题描述

我正在一个允许人们在线创建个人资料的网站上工作.我想知道使用MySQL AUTO_INCREMENT ed ID作为用户ID是否是正确的选择.还牢记我可能必须一天在多个服务器上复制数据库吗?

I am working on website that allows people to create profiles online. I was wondering if it is the right choice to use MySQL AUTO_INCREMENTed IDs as my user ids. Also bearing in mind that I might have to duplicate the database across multiple servers one day?

例如您会在Twitter或Facebook这样的网站上将这种方法用于userId吗?

e.g. would you use this method for userIds on a website like Twitter or Facebook?

我以前尝试用PHP生成userId.我用了这样的东西:

I have tried generating userIds with PHP before. I used something like this:

function generateID() {
      $possible = "1234567890";
      $code = "";
      $characters = mt_rand(7,14);
      $i = 0;
      while ($i < $characters) { 
            $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
            $i++;
      }
      return $code;
}

这给出了我需要的值的类型，但是我总是不得不从数据库中检查该ID是否还不存在.

This gave the type of values I needed, but I always had to check from the DB if that ID does not exist yet.

没有更好的方法吗?

推荐答案

mysql自动增量是否可以安全地用作用户ID?

Is mysql auto increment safe to use as userID?

如果您的安全系统可靠，那么可以.但是通常，Web开发人员会感到不舒服，因为暴露ID可以通过仅递增或递减一个数字来猜测 other 个ID.许多人改为使用随机的多位数ID.

If your security system is reliable, basically, yes. But generally, web developers feel uncomfortable exposing IDs that allow guessing other IDs by just incrementing or decrementing a number. Many resort to random, multi-digit IDs instead.

更令人费解的是，数字ID还可让竞争对手通过跟踪增量值的增长方式来估算您的增长.

On a more obscure note, numeric IDs may also allow competitors to estimate your growth by keeping track of how the incremental value increases.

这篇关于mysql自动增量是否可以安全地用作用户ID?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！