[geeklog-devel] sid or auto increment in gl2?
Tony Bibbs
tony at tonybibbs.com
Wed Feb 2 19:39:21 EST 2005
Vinny brought up a really good point worth a good review before we just
run with it. The current GL2 model has the item table with a
auto_increment PK. It was suggested by Vinny that many may prefer the
1.3.x method of using timestamps as it more obscure (security by
security anyone?)
There are two thoughts, one is that security by obscurity is a better
route. The other is that the item-level security in GL2 should make it
so that if people guess the id because it was autoincremented, it
wouldn't let them have access unless they truly should.
My only issue against the timestamp is that GL2 was hoping to support
multiple web servers and this could introduce some PK contention in that
case. The auto_increment field would eliminate the risk of that.
So that said, any additional arguments one way or another? Any preferences?
--Tony
More information about the geeklog-devel
mailing list