![]() In this article, we are going to see what UUID (Universally Unique Identifier) type works best for a database column that has a Primary Key constraint. So, enjoy spending your time on the things you love rather than fixing performance issues in your production system on a Saturday night! Well, Hypersistence Optimizer is that tool!Īnd it works with Spring Boot, Spring Framework, Jakarta EE, Java EE, Quarkus, or Play Framework. In the case of Postgres, the database automatically adds an index on PK columns, so you're good performance-wise.Follow having a tool that can automatically detect JPA and Hibernate performance issues. THEN, since the url has a UUID in it, you'll need to be looking up that resource using that UUID anyway, so making the UUID the PK of that table is a sensible design decision. ![]() Then, those views should have an access control method (authorization or permissions). But for an external system, where user data is presented in some views, URLs to those views should use UUIDs in them, not auto-increment IDs. I'm not really convinced that this would deter anyone from continuing to use a service, but I think this really comes down as a business decision more than a technical decision, so it might vary in certain industries.Īll-in-all, in my opinion, for an internal system (one where the user base is required to use it, so like an internal reporting system for one specific client), it usually doesn't matter. someone might trust your service less because they were given an ID of 25 for some resource, indicating that your service is either new or not popular. However, one could argue that auto-increment IDs can sometimes portray how well-used your service is, i.e. As long as you're using this to control access to sensitive data, then it doesn't matter what ID generation pattern you're exposing. The real way to protect certain pages from being viewed by users other than the owner of the data is to use permissions & authorization. I agree to the point that exposing UUIDs instead of auto-increment IDs is a security by obscurity solution, which isn't a real security solution. Thank you everyone who took the time to share their insights, ideas and knowledges. It was not easy, I am still scare of the consequences. So I wrote a raw SQL migration to transform UUID primary key to INTEGER. My other option is to create a new database, copy the data with a python.Īfter reading all your comments and feedaback, I have decided to take the bull by the horns. ![]() I was thinking to create a migration to convert uuid into id but the risk is extremly high. I wish I could go back in time and keep ID and add an extra field UUID instead. I'm using postgresql with python 3.8 and django 3+ And because the website is already in production, I cannot make any changes without risks. So now I am worried about the performance. So I have decided to replace ID with UUID.īut yesterday I have also read that UUID can be really expensive when used as primary key. I have started to develop a website and I have read in the past that it would be a good practice to hide auto-increment ID.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |