mysql自动增量是否可以安全地用作用户ID? [英] Is mysql auto increment safe to use as userID?
问题描述
我正在一个允许人们在线创建个人资料的网站上工作.我想知道使用MySQL AUTO_INCREMENT
ed ID作为用户ID是否是正确的选择.还牢记我可能必须一天在多个服务器上复制数据库吗?
I am working on website that allows people to create profiles online. I was wondering if it is the right choice to use MySQL AUTO_INCREMENT
ed IDs as my user ids. Also bearing in mind that I might have to duplicate the database across multiple servers one day?
例如您会在Twitter或Facebook这样的网站上将这种方法用于userId吗?
e.g. would you use this method for userIds on a website like Twitter or Facebook?
我以前尝试用PHP生成userId.我用了这样的东西:
I have tried generating userIds with PHP before. I used something like this:
function generateID() {
$possible = "1234567890";
$code = "";
$characters = mt_rand(7,14);
$i = 0;
while ($i < $characters) {
$code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
$i++;
}
return $code;
}
这给出了我需要的值的类型,但是我总是不得不从数据库中检查该ID是否还不存在.
This gave the type of values I needed, but I always had to check from the DB if that ID does not exist yet.
没有更好的方法吗?
推荐答案
mysql自动增量是否可以安全地用作用户ID?
Is mysql auto increment safe to use as userID?
如果您的安全系统可靠,那么可以.但是通常,Web开发人员会感到不舒服,因为暴露ID可以通过仅递增或递减一个数字来猜测 other 个ID.许多人改为使用随机的多位数ID.
If your security system is reliable, basically, yes. But generally, web developers feel uncomfortable exposing IDs that allow guessing other IDs by just incrementing or decrementing a number. Many resort to random, multi-digit IDs instead.
更令人费解的是,数字ID还可让竞争对手通过跟踪增量值的增长方式来估算您的增长.
On a more obscure note, numeric IDs may also allow competitors to estimate your growth by keeping track of how the incremental value increases.
这篇关于mysql自动增量是否可以安全地用作用户ID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!