使用数据库表的ID作为外部API标识符是一个坏主意吗?
[英]Is it a bad idea to use a database table's ID as an external API identifier?
问题描述
We're designing a HTTP service with an external API, which will need to store some items, that external API consumers might need to retrieve later on. 
我们正在设计带有外部API的HTTP服务,该服务需要存储一些项目,以后外部API使用者可能需要检索这些项目。 Everything is stored in a table foos , and the current plan is to just use the table's primary ID key as the external unique identifier. 一切都存储在表foos ,当前的计划是仅使用表的主ID密钥作为外部唯一标识符。 My gut tells me this is bad design, but I've not been able to argue my case effectively, partially because I can't articulate the reasons. 我的直觉告诉我这是一个糟糕的设计,但是我无法有效地论证我的观点,部分原因是我无法阐明原因。
Here are the only downsides I can think of so far: 到目前为止,这是我唯一能想到的缺点:
- What if we want to change the schema? 如果我们要更改架构怎么办? We'll have to repopulate everything making sure their IDs stay intact, or implement another unique identifier column during the move 我们必须重新填充所有内容以确保其ID保持不变,或者在移动过程中实现另一个唯一标识符列
- Minor(?) security risk (I know, security through obscurity is not secure etc etc) 次要(?)安全风险(我知道,通过默默无闻的安全性是不安全的,等等)
Are there other major downsides, or am I just being paranoid? 还有其他主要缺点吗?还是我只是偏执? Would also appreciate some links to published articles which talk about this! 也将感谢一些有关此的已发表文章的链接!
3 个解决方案
解决方案1
5 已采纳 2012-02-22 22:13:37
Im going to go ahead and say that if your database is locked down than this does not matter unless: 我将继续说,如果您的数据库被锁定,那么这无关紧要,除非:
- Sharing API keys implies a loss in CIA of user information. 共享API密钥意味着CIA的用户信息丢失。
- You make it easy for users to make calls to your API without second level authentication. 您无需用户进行二级身份验证即可轻松使用户调用您的API。
What I'm sure you already realize is that taking measures against SQL injection will prevent anyone taking advantage of this information, however knowing an index range could mean that someone will know that 1 less or 1 more in an index range is a tangible key to be used to access your API. 我确定您已经意识到,针对SQL注入采取措施将阻止任何人利用此信息,但是,知道索引范围可能意味着某人将知道索引范围中少1个或多1个是切实可行的关键用于访问您的API。
For example: 例如:
If you can access your API through a URL without being logged in, then using an index range is a bad. 如果您无需登录即可通过URL访问API,那么使用索引范围是一个不好的选择。
http://mysite.com?APIkey=145 http://mysite.com?APIkey=145
If I know my key is 145 , then 144 and 146 probably would also work to make a call. 如果我知道我的密钥是145 ,那么144和146可能也可以拨打电话。
Using a GUID scheme is way to deal with this but with this you are making other sacrifices : 使用GUID方案是解决此问题的方法,但与此同时,您在做出其他牺牲 :
ID (index): 145 ID(索引): 145
ID (GUID): C87FC84A-EE47-47EE-842C-29E969AC5131 ID(GUID): C87FC84A-EE47-47EE-842C-29E969AC5131
Or finally, you can add another column to save a random hash as a unique API key like you said: 或者最后,您可以添加另一列以将随机哈希保存为唯一的API密钥,如您所说:
ID (Hash): da39a3ee5e6b4b0d3255bfef95601890afd80709 ID(哈希): da39a3ee5e6b4b0d3255bfef95601890afd80709
解决方案2
1 2012-02-22 22:14:52
It is perfectly safe. 这是绝对安全的。 The ids will get backed up and restored with the rest of the data, so there is no problem there. 这些ID将与其余数据一起备份和还原,因此没有问题。 Nor are there any security issues that I can think of. 我也没有想到任何安全问题。 Whether it is bad design is a matter of taste. 设计是否不好取决于品味。
IIRC the eBay and PayPal APIs work this way, but I cannot quote a reference on that. IIRC eBay和PayPal API以这种方式工作,但是我无法对此进行引用。
解决方案3
0 2012-02-22 22:47:36
I agree with you because of your first point: 因为您的第一点,我同意您的观点:
If you end up changing schema for whatever reason your service should abstract the physical changes. 如果由于某种原因最终更改架构,则您的服务应抽象出物理更改。 Maintaining the old keys makes that very hard.... 维护旧密钥非常困难。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.