Hacker News

reffaelwallen, yesterday at 3:10 PM (3 replies)

At my company we only use UUIDs as PKs.

Main reason I use it is the German Tank problem: https://en.wikipedia.org/wiki/German_tank_problem

(tl;dr; prevent someone from counting how many records you have in that table)
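An added illustration, not part of the comment above: what the linked estimator recovers from a handful of sequential primary keys, next to the same calculation on random UUIDv4 keys. The table sizes, sample sizes and function names are constructed for this example.

```python
import random
import uuid


def estimate_total(observed_ids):
    """German tank estimator: N ~ m + m/k - 1, where m is the largest
    ID observed and k is the number of distinct IDs observed."""
    ids = set(observed_ids)
    k, m = len(ids), max(ids)
    return m + m / k - 1


def mean_estimate(true_rows, sample_size, trials, rng):
    """Average estimate over many simulated observers of a table whose
    primary key is a gapless sequence 1..true_rows (constructed data)."""
    total = 0.0
    for _ in range(trials):
        sample = rng.sample(range(1, true_rows + 1), sample_size)
        total += estimate_total(sample)
    return total / trials


def estimate_from_uuids(row_count, sample_size):
    """Run the same estimator on a table keyed by random UUIDv4 values.
    The result is on the order of 2**128 whatever row_count is."""
    keys = [uuid.uuid4().int for _ in range(row_count)]
    return estimate_total(random.sample(keys, sample_size))


if __name__ == "__main__":
    rng = random.Random(1234)
    # Ten leaked sequential IDs are enough to land near the true size.
    print("sequential, 10,000 rows:", round(mean_estimate(10_000, 10, 2_000, rng)))
    # With UUIDv4 keys the estimate does not move with the table size.
    print("uuid4, 100 rows:    %.3e" % estimate_from_uuids(100, 5))
    print("uuid4, 10,000 rows: %.3e" % estimate_from_uuids(10_000, 5))
```
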


Replies

jakeydus, yesterday at 4:46 PM

I'm new to the security side of things; I can understand that leaking any information about the backend is no bueno, but why specifically is table size an issue?


infragreen, yesterday at 5:10 PM

This was a great read, thank you for sharing!


littlestymaar, yesterday at 3:21 PM

What stops you from having another uuid field as a publicly visible identifier (which is only a concern for a minority of your tables)?

This way you avoid most of the issues highlighted in this article, without compromising your confidential data.