Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Use UUIDs in all the tables
See original GitHub issueRolling IDs are considered to be a bad practice. There are (at least) few reasons for this:
- They are a security issue. From rolling numbers a malicious party can interpret information that the merchant does not want to share. Like user counts, order counts and such. If using UUIDs, a malicious party could not sniff this kind of information.
- Rolling numbers are problematic in distributed systems. If the database goes down, and the admin needs to restore the database from db dumb, some other system might have id number 42 pointing to a row in the database in Vendure. However, this row (let’s say user) no longer exist since the database dumb is 12 hours old. Now when the next user is created, some other system points to a wrong user and we might leak data from different user to another. Not good. When using UUIDs instead of rolling numbers, now the other service would have an extra row, which would not be accessible by any user in the future, so there would not be a risk for sharing sensitive information with others.
Describe the solution you’d like
Use UUID V4 for generating all the IDs. Postgres, and likely other database systems have builtin function uuid_generate_v4() for this purpose. If some database does not have this kind of function, it could be generated by the application instead.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Best practices on primary key, auto-increment, and UUID in ...
Should each and every table have a primary key? ... UUID or GUID in database as a primary key. when should I use...
Read more >Why I Like Using UUIDs on Database Tables
It's good practice to use both IDs and UUIDs. You should use UUIDs for everything that goes out of your system (i.e HTTP...
Read more >What is a UUID, and why should you care? - Cockroach Labs
A UUID – that's short for Universally Unique IDentifier, by the way – is a 36-character alphanumeric string that can be used to...
Read more >MySQL UUID Smackdown: UUID vs. INT for Primary Key
UUID values are unique across tables, databases, and even servers that allow you to merge rows from different databases or distribute databases across...
Read more >Why We Should Use Uuids for All Primary Keys - tjmt.uk
A UUID (Universally Unique Identifier) is, for practical purposes, unique. As in, it's unique in any system that may ever exist. This it...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
This could be implemented via a custom field on Product.
I think my reasoning was that integer IDs are more approachable and easier to work with in development.
Makes kinda sense, numeric ids are indeed easier to reason about. Personally I’d prefer similar ids in dev & prod to make environments similar, and embracing uuids everywhere would be wise security vice.