通过API或网页公开数据库自动递增的ID [英] Expose database auto-incrementing ids via APIs or web pages

问题描述

我认为不公开自动递增的数据库ID(帐户，产品等)是更好的方法.我们也许可以使用UUID和通过API或网页公开这些内容.

I was of the opinion that NOT exposing auto-incrementing DB ids (accounts, products etc.) was the better way. We could maybe use UUIDs & expose those via the APIs or web pages.

但是我检查了许多主要公司似乎并不在意:

But I checked that many major companies don't seem to care:

• Google，Amazon，Facebook，Twitter(似乎都包含数字) 自动递增的帐户ID)
• 梅西百货&易趣显示自动递增的产品ID(或Web ID) IDs

• Google, Amazon, Facebook, Twitter (all seem to have numeric auto-incrementing account ids)
• Macys & Ebay show product ids(or web ids) which are auto-incrementing ids

亚马逊似乎在乎的一种情况:

One case where Amazon does seem to care:

• Amazon确实在其产品目录中使用了ASIN号( 据称在内部链接到其数字自动增量数据库 产品ID.)

• Amazon does use ASIN numbers for its product catalog (which supposedly internally link to their numeric auto-incrementing DB product ids.)

那么，在使用UUID时，我们是否要解决一个不存在的问题?只是不值得花时间&努力吗?

So, in using UUIDs are we trying to solve a problem that does not exist ? Just not worth the time & effort ?

推荐答案

关于在帐户表中使用自动递增的ID，以下是一些不好的主意的原因:

Concerning the use of auto-incrementing ids for account table, here are some reasons why its a bad idea:

1. 序列号向公众展示表中记录的数量以及表在一段时间内的采样率.
2. 如果api的安全性较差，则可以通过简单地增加id并进行api调用，直到检索到所有数据，来抓取数据库中的所有记录.

3. 在使用自动递增ID并插入多个相关实体时，需要对数据库进行多次调用才能将实体插入数据库中.如果使用UUID，则可以构造整个对象集，而无需与数据库进行交互.例如，如果有订单抬头和订单行项目，则需要插入订单抬头，获取主要ID，然后再插入带有订单抬头ID的订单行项目.

1. Sequence numbers expose to the public the number of records in a table and growth rate of the table if sampled over a period of time.
2. If the api has poor security, one could scrape all the records in the database by simply incrementing the id and making api calls until all the data is retrieved.

3. when using auto-incrementing ids and inserting multiple related entities, you need to make multiple calls to the database in order to insert the entities in the database. If using UUIDs, you can construct the whole set of objects without need to interact with the database. For instance with an order header and order line items, you need to insert the order header, get the primary id, and then insert the order line items with the order header id.

在将数据从开发人员迁移到暂存或暂存到实时中时，如果使用自动增量ID和外键等来插入新数据可能会遇到挑战.

When migrating data from dev to staging or staging to live, inserting new data can be challenging if using auto-increment id's and foreign keys, etc.

这篇关于通过API或网页公开数据库自动递增的ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！