For example, lets use an address book. I may have many addresses I track in an account. Each row should have an address_id and some other textual uniquess identifier, for example nickname. When my address book entries are listed on a page, I should never see the address_id. I do not care how the database is numbering the entires. All I should see is the nickname for identification. This is including the form inputs to apply actions on my address entry, as well as in URLs.
Why does this matter? For one, nobody should likely know the internal numbering in the database. In a large system, these numbers maybe huge and don't present themselves well. It might pose security issues, giving the attacker insight into the numbering limits, the current numbering counter, etc. Lastly, numbers aren't really human friendly as compared to text or visual queues.
See Also
- Primary Keys: IDs versus GUIDs - Not really a supporting reference, but an interesting read. GUIDs don't seem to present themselves better either.
No comments:
Post a Comment