Ruby on Rails Thursday, December 31, 2015

Colin Law <clanlaw@gmail.com> writes:

> On 31 Dec 2015 14:10, "'krfg' via Ruby on Rails: Talk" <
> rubyonrails-talk@googlegroups.com> wrote:
>>
>> Well, so thank you for helping me and supporting me up to the solution.
>> I am already looking for and reading documentation on transactions,
>> sequences and truncations in Postgres, which is new stuff for me. My next
>> goal is finding how to reset the id sequence in Postgres.
>
> Why? As I said before you should not use the id as a numeric value.
>
> Colin

Even further, there are reasons to completely and absolutely ignore
and never even expose the id column for a record, and prefer a UUID
instead. Some of these include:

- you can't count on it being the same across databases if you ever need
to migrate your data

- exposing it to the user can reveal more information about your app
than you want ("oh, there's only 550 people signed up, this must be
useless")

- exposing it to the user can open avenues of attack you don't want to
open

- id 1 *must* be the admin, so we'll concentrate our attacks there


The emphasis you seem to be showing is causing me to scratch my
head. Why is starting at so absolutely important to you? It is a proper
error to count on a particular record always having an absolute record id
value.

--
Tamara Temple
tamouse@gmail.com
http://www.tamouse.org
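
An added example, not part of the original message: a plain-Ruby sketch of the points in the list above, where the sequential id stays internal and a random UUID is the only identifier that is exposed or accepted from outside. `Signup`, `SignupStore` and `public_id` are hypothetical names, and the in-memory hash is a constructed stand-in for a database table and its sequence.

```ruby
require "securerandom"

# Constructed stand-in for a users table: `id` plays the role of the
# database sequence, `public_id` is the only identifier shown to clients.
Signup = Struct.new(:id, :public_id, :name)

class SignupStore
  UUID_RE = /\A\h{8}-\h{4}-4\h{3}-[89ab]\h{3}-\h{12}\z/

  def initialize(sequence_start = 1)
    @next_id = sequence_start
    @rows = {} # keyed by public_id
  end

  # New row: the sequence assigns id, the UUID is random (version 4).
  def create(name, public_id: SecureRandom.uuid)
    row = Signup.new(@next_id, public_id, name)
    @next_id += 1
    @rows[public_id] = row
  end

  # Lookup for anything user-facing: integers and malformed input
  # are rejected before they reach the table.
  def find_by_public_id(token)
    return nil unless token.is_a?(String) && UUID_RE.match?(token)
    @rows[token]
  end

  # What a URL or response body is allowed to contain: no `id`.
  def public_view(row)
    { public_id: row.public_id, name: row.name }
  end

  # Copy rows into another store, as in a data migration. The target
  # sequence hands out its own ids; public_id travels with the row.
  def migrate_to(target)
    @rows.each_value { |r| target.create(r.name, public_id: r.public_id) }
    target
  end
end

def demo
  old = SignupStore.new
  rows = %w[admin alice bob].map { |n| old.create(n) }
  fresh = old.migrate_to(SignupStore.new(1000))
  bob = rows.last
  moved = fresh.find_by_public_id(bob.public_id)
  { id_equals_row_count: bob.id == rows.size, view_keys: old.public_view(bob).keys,
    integer_guess: old.find_by_public_id("1"), id_after_migration: moved.id, name_after_migration: moved.name }
end
```

In `demo`, the newest row's sequential id equals the number of signups, and the same row gets a different id in the migrated store while its `public_id` still resolves to it.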
