Hacker News

phibz today at 1:52 AM

In database design, it's typically recommended to give out opaque natural keys and keep your monotonically increasing integer IDs secret and used internally.


Replies

bastawhiz today at 3:46 AM

That is a best practice for two real reasons:

1. You don't want third parties to know how many objects you have

2. You don't want folks to be able to iterate each object by incrementing the id

But if you have composite IDs like this, that doesn't matter. All objects that belong to a repository have the repository id inside them. Incrementing the id gives you more objects from the same repo. Incrementing the repo id gives you...a random object or nothing at all. And if your IDs include a little entropy or a timestamp, you've effectively kneecapped anyone who's trying to abuse this.

taftster today at 2:05 AM

Maybe. Until your natural key changes. Which happens. A lot.

Exposing a surrogate / generated key that is effectively meaningless seems to be wise. Maybe internally YouTube has an index number for all their videos, but they expose a reasonably meaningless coded value to their consumers.
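Added example, not part of the thread and not any commenter's or project's code: a sketch of the composite ID bastawhiz describes (repository id, per-repository sequence number, a little entropy), showing that a token with the sequence number incremented resolves to nothing. The layout, the 8-byte entropy size and the names `Store`, `encode_id`, `decode_id` and `bump_seq` are assumptions made for illustration.

```python
import base64
import secrets
import struct

ENTROPY_BYTES = 8  # assumption: 64 random bits stored per object


def encode_id(repo_id, seq, entropy):
    """Pack repo id, per-repo sequence number and entropy into one opaque token."""
    raw = struct.pack(">QQ", repo_id, seq) + entropy
    return base64.urlsafe_b64encode(raw).decode()


def decode_id(public_id):
    """Return (repo_id, seq, entropy), or None if the token is malformed."""
    try:
        raw = base64.urlsafe_b64decode(public_id)
    except ValueError:
        return None
    if len(raw) != 16 + ENTROPY_BYTES:
        return None
    repo_id, seq = struct.unpack(">QQ", raw[:16])
    return repo_id, seq, raw[16:]


class Store:
    """In-memory stand-in for a table keyed by (repo_id, seq) with an entropy column."""

    def __init__(self):
        self.rows = {}      # (repo_id, seq) -> (entropy, payload)
        self.next_seq = {}  # repo_id -> last sequence number issued

    def create(self, repo_id, payload):
        seq = self.next_seq.get(repo_id, 0) + 1
        self.next_seq[repo_id] = seq
        entropy = secrets.token_bytes(ENTROPY_BYTES)
        self.rows[(repo_id, seq)] = (entropy, payload)
        return encode_id(repo_id, seq, entropy)

    def lookup(self, public_id):
        parts = decode_id(public_id)
        if parts is None:
            return None
        repo_id, seq, entropy = parts
        row = self.rows.get((repo_id, seq))
        # Constant-time compare: the row is served only when the entropy matches.
        if row is None or not secrets.compare_digest(row[0], entropy):
            return None
        return row[1]


def bump_seq(public_id):
    """Rebuild a token with seq + 1 and unchanged entropy (a sequential probe)."""
    repo_id, seq, entropy = decode_id(public_id)
    return encode_id(repo_id, seq + 1, entropy)
```

The entropy makes sequential enumeration impractical; it does not replace an authorization check on the repository the object belongs to.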