[英]Mysql autoincrement id or alphanumeric id as Foreign Key
I have a users
table with an auto-increment id
and also a unique alphanumeric pid
. 我有一个users
表,其中有一个自动递增的id
和一个唯一的字母数字pid
。 Only pid
is publicly exposed, since I dont want hackers gaming the system by running a for
loop over id
and extracting all users data. 只有pid
是公开的,因为我不希望黑客通过在id
运行for
循环并提取所有用户数据来对系统进行游戏。
Question is, do I even need to store auto-increment id
in the first place? 问题是,我是否首先需要存储自动增量id
? I need to choose a foreign key for other user related tables like user_details
, user_orders
etc. Should I use pid
or numeric id
as fk? 我需要为其他与用户相关的表(如user_details
, user_orders
等)选择一个外键。我应该将pid
或数字id
用作fk吗?
Some concerns: 一些问题:
id
be more efficient than pid
? 联接 -使用id
联接会比pid
更有效吗? id
be faster than indexing pid
? 索引 -索引id
是否比索引pid
快? pid
is used as foreign_key
? Transactions-使用pid
作为foreign_key
时,涉及多个原子插入的事务是否可行? Basically, the answers are "yes", "yes", and "yes". 基本上,答案是“是”,“是”和“是”。
Presumably, an alphanumeric key would be many bytes and an integer would be just 4 bytes (or 8 for a bigint). 大概,一个字母数字键将是许多字节,而一个整数将仅是4个字节(对于bigint,则为8个字节)。 Foreign key values are stored in any index where they are defined, so short values are good. 外键值存储在定义它们的任何索引中,因此短值是好的。 Also, having a key that is always the same length is good. 同样,拥有始终相同长度的密钥也很好。
You don't mention where your pid
would come from. 您没有提及pid
来源。 For instance, a UUID (which is just a bit string) is 16 bytes versus 4 bytes for a string. 例如,UUID(仅是位字符串)为16个字节,而字符串为4个字节。 This would occupy more space in any indexes, although it could be used. 尽管可以使用它,但它将在任何索引中占用更多空间。
More importantly, your concern here is security. 更重要的是,您在这里所关心的是安全性。 I think having one id facing users and another inside the database provides an additional layer of security. 我认为,一个面向用户的id和另一个面向数据库的id提供了额外的安全性。 You could, for instance, have a high level of security around the conversion from the PID to the ID (an encrypted, logged, secure interface). 例如,您可以在从PID到ID(加密,记录的安全接口)的转换方面具有较高的安全性。
The PID would never be in the actual data, so getting full copies of many tables might still not identify users, assuming that you follow good practices on the contents of the tables. PID永远不会出现在实际数据中,因此,假设您遵循表内容的良好做法,那么获取许多表的完整副本可能仍无法识别用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.