[geeklog-devel] sid or auto increment in gl2?

Vincent Furia vfuria at gmail.com
Wed Feb 2 22:57:04 EST 2005


Why not use the autoincrement as a primary key, and have an "id"
similar to 1.3.x for accessing an item?  The key would be used
internally for joining tables, etc, but the 'id' (which would default
to some random value, but could be user assignable (and unique)) could
be used for external (i.e. user) access to the item.

Sorry Tony, I meant to add that suggestion to the email I originally
sent to you, but looking back I realize I left that off.

-Vinny


On Wed, 02 Feb 2005 18:39:21 -0600, Tony Bibbs <tony at tonybibbs.com> wrote:
> Vinny brought up a really good point worth a good review before we just
> run with it.  The current GL2 model has the item table with a
> auto_increment PK.  It was suggested by Vinny that many may prefer the
> 1.3.x method of using timestamps as it more obscure (security by
> security anyone?)
> 
> There are two thoughts, one is that security by obscurity is a better
> route.  The other is that the item-level security in GL2 should make it
> so that if people guess the id because it was autoincremented, it
> wouldn't let them have access unless they truly should.
> 
> My only issue against the timestamp is that GL2 was hoping to support
> multiple web servers and this could introduce some PK contention in that
> case.  The auto_increment field would eliminate the risk of that.
> 
> So that said, any additional arguments one way or another?  Any preferences?
> 
> --Tony
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>



More information about the geeklog-devel mailing list