Re: uuid type for postgres

Jonah H. Harris <jonah.harris@gmail.com>

From: "Jonah H. Harris" <jonah.harris@gmail.com>
To: Greg Sabino Mullane <greg@turnstep.com>
Cc: pgsql-hackers@postgresql.org
Date: 2005-09-08T14:03:47Z
Lists: pgsql-hackers, pgsql-sql
Greg, thanks for saying it... I was thinking the same thing.

Not that it really relates to the UUID data type inclusion discussion 
itself, but I think this application design and use case for UUID is an 
example of using a data type for the wrong purpose. Application design-wise, 
security should be handled in a true *security* way, not by obfuscating a 
key (unless you're Microsoft :)). And, as Greg said, why not use a SHA1 hash 
instead... it would be easier than writing a whole new type implementation.

I haven't yet gotten a chance to check out the code but plan to soon.


On 9/8/05, Greg Sabino Mullane <greg@turnstep.com> wrote:
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> >> I'm also a little baffled to come up with any real application where 
> making
> >> an id number for most tables "unguessable" would provide any kind of 
> real
> >> protection not far better provided by other means. For your "users"
> >> table, sure, but that's a very special case.
> 
> > It should never be the sole means of defense, however, it can be quite
> > effective at prevention.
> 
> > For a rather simple example, consider a site that associates a picture
> > with each member. If the pictures are named 1.jpg, 2.jpg, 3.jpg, etc.
> > it makes it ridiculously easy to write a script to pull all of the
> > pictures off the site. This can be bothersome, as the only type of
> > person who would do this, is the type of person with an illegitimate
> > motivation. I want the data to be easily and freely accessible as
> > specific objects, but I do not wish to provide an easy way of
> > dumping all of the data as a unit.
> 
> I don't think security through obscurity is a good reason to add something
> to PostgreSQL. Either make the pictures accessible to everyone, or put
> some other security mechanism in place. As far as pictures, you could
> certainly used the SHA1 checksum as your primary key, which would satisfy
> all your requirements.
> 
> > In my case, it isn't only pictures. I don't want people pulling all
> > the data off the site as a dump, and using it how they wish, but I do
> > wish to make the data freely available, and easily accessible from a
> > web browser.
> 
> .htaccess? Cookies? Encrypted data? iptables? All of these are better
> solutions than random filenames.
> 
> > Not that everybody should rip out SERIAL and replace it with UUID,
> > but it really isn't that bad, and in some cases, such as mine,
> > I don't see the point of using both, and choose to instead allow
> > UUID to solve many of my concerns at the same time, with an
> > acceptable for me cost in database pages.
> 
> We're doing something similar to UUIDs here - LSID (Life Science
> Identifiers). But being as the whole point of LSIDs is to share
> data, the "random" factor is not needed. If ever PG did do something
> like UUID (and despite the paragraphs above, I could see a use for it),
> I'd rather do something like picking from a predetermined range of values
> at random and deplete the pool as you go rather than create large
> values with a low (but finite) probability of collision.
> 
> - --
> Greg Sabino Mullane greg@turnstep.com
> PGP Key: 0x14964AC8 200509080939
> 
> https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
> -----BEGIN PGP SIGNATURE-----
> 
> iEYEARECAAYFAkMgQAwACgkQvJuQZxSWSsgaOQCgl2Mb0cY5NuaTVuIAGdYKXqNE
> oQYAoJ5pm3xHcu3Wr382Jja59Ll1/YOP
> =IeqX
> -----END PGP SIGNATURE-----
> 
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
> 



-- 
Respectfully,

Jonah H. Harris, Database Internals Architect
EnterpriseDB Corporation
http://www.enterprisedb.com/