API design and security: Why hide internal ids?

野性不改 2021-01-01 19:15

I've heard a few people say that you should never expose your internal ids to the outside world (for instance an auto_increment'ng primary key).

Some suggest hav

3 answers
  •  旧巷少年郎
    2021-01-01 19:30

    Great answers, I'll add another reason to why you don't want to expose your internal auto incremented ID.
    As a competitive company I can easily instrument how many new users/orders/etc you get every week/day/hour. I just need to create a user and/or order and subtract the new ID from what I got last time.
    So not only for security reasons, it's business reasons as well.
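
An added example, not part of the question or the answer above: one way to keep the auto-increment key internal is to store a random public id beside it and resolve every request by that value only. The table layout and the function names are assumptions made for this illustration.

```python
import secrets
import sqlite3


def open_db():
    """In-memory database standing in for the real order store (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"  # internal key, never sent to clients
        " public_id TEXT NOT NULL UNIQUE,"        # random value, the only id clients see
        " item TEXT NOT NULL)"
    )
    return db


def create_order(db, item):
    """Insert an order and return only its public id."""
    for _ in range(5):  # retry if the random id ever collides
        public_id = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        try:
            with db:  # commits on success, rolls back on error
                db.execute(
                    "INSERT INTO orders (public_id, item) VALUES (?, ?)",
                    (public_id, item),
                )
            return public_id
        except sqlite3.IntegrityError:
            continue
    raise RuntimeError("could not allocate a unique public id")


def get_order(db, public_id):
    """Look an order up by public id; the internal key is not part of the response."""
    row = db.execute(
        "SELECT public_id, item FROM orders WHERE public_id = ?", (public_id,)
    ).fetchone()
    return None if row is None else {"id": row[0], "item": row[1]}


def internal_ids(db):
    """Server-side view only: the sequential keys that stay inside the service."""
    return [r[0] for r in db.execute("SELECT id FROM orders ORDER BY id")]


if __name__ == "__main__":
    db = open_db()
    first = create_order(db, "probe order")        # constructed sample data
    for n in range(40):
        create_order(db, f"customer order {n}")
    second = create_order(db, "probe order")
    print(first, second, internal_ids(db)[-1])
```

Two ids obtained at different times no longer have a meaningful difference, so they say nothing about how many rows were created in between. Each lookup still needs its own authorization check, since an unguessable id is not access control.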
