Hi,
what type are you using for your tables id in a MySQL table?
Integer or UUID? UUID1 or UUID4?
If you use UUID how do you save it? in a char column or do you convert it to binary?
Marcel
Are you meaning for the new database manager component or just in general.
Maybe I am confused by the question as a table ID is normally just an INT set to auto increment as a primary key and i also choose unsigned so it can only take positive integers up to a length of 11 which should get you into the trillions i think.
If you are referring to the new database manager there is a special column type Wappler have added that adds all the above properties to the column automatically.
1 Like
Integer mostly, but it depends on the project. If itās a saas/multi-tenant app it might make more sense to use uuid from a security perspective.
2 Likes
Never done that @JonL but it does make sense from a security standpoint I suppose.
Indeed. Itās more difficult to exploit a vulnerability if you can guess an id because itās incremental than if itās a uuid.
Imagine I find a hole that gives me access to your personal details in a website. I will be able to extract all the data for all users just by incrementing the id. With a UUID I wouldnāt be able to guess the next user.
2 Likes
Yes, I meant my question in general.
I have to admit that I didnāt look into database manager yet.
Iām asking this because Iām about to recreate a project and am thinking of a better way to secure my user table.
I donāt understand why it is common for MS SQL to use guid and int in MySQL.
Thanks for your input. Which UUID version are you using and in what type of column do you save it?
Normally integer is just fine. This is also what we use per default for the new āIncrementsā type in the Database Manager.
If you expect huge amount of record you can go for bigint
The newest trend however, when you come in the area of database synchronizations - is to use a very accurate timestamp (like with 6 digits)
This will make sure your idās are unique and also in order. So when you later synchronize your offline database with the online one - you can just add the new records with their idās and not care about that somebody else have used the idās already ā¦ 
2 Likes
I tend to use integers but always validate the current user has access rights also for example a server action may also have an additional condition like
and id = securityprovider.identity
1 Like
Indeed. Using some sort of ACL is needed to protect data.
My comment was focused more on minimizing the impact if you screwed your appās security.
It will always better to have a breach of 1 user than 5000. Thatās one of the reasons why some apps choose uuid/guids over incremental ids.
Using uuid is also a good approach when working with distributed DBs.
But sometimes using uuids overcomplicate things when they are not really needed. All in all, it depends on the app you are building.
Currently, I am not involved in projects that use UUIDs.
This is an interesting idea. I haven't come across it before. One advantage of this approach over UUIDs is that they would be sortable and also relatively human readable (which of course isn't always relevant). However, I would have thought there would be some chance of duplicates - particularly if you have a large number of users. UUIDs are not 100% guaranteed to be unique either but they contain many more characters.
Also worth mentioning Mysql uses uuid1
1 Like
I know, but there is also a solution for UUID4 with the help of a function.
1 Like
Unless you want absolute anonymity I would just use uuid1 and only if it really makes sense. Why are you considering it?
1 Like