It's been a long time since I last wrote here.

During the time that I've been absent, I've been working on some large-scale projects in which I've seen how UUIDs can benefit your application in multiple ways.

I've been using UUIDs as my primary key structure for a fair amount of time now, but the real advantages have shown themselves after finishing the projects, and I am glad I decided to do so.

I primarily use Laravel as my back-end and love using MySQL (I know there are lots of other RDBMS/DBMS out there but I love MySQL and feel comfortable with it XD).

Although when using MySQL or many other databases your primary key is set as an AI (auto-incremental) and the data type is an integer, you may use UUID with a few tweaks, and believe me, it's worth the hassle.

An enumeration exploit is when your data is predictable. Let's say, for instance, you upload a video on YouTube which is hidden from the public and can only be viewed by those with whom you shared the link.

Well, let's look at a YouTube link:

My favorite song BTW

As you can see, the address ends in v=3wVTmlD86a, which indicates the (let's say) ID of the video.

So imagine YouTube used a numerical index and incremented it one by one for each video uploaded. In that case, someone could start from number 1 and try every link using a custom-made program to extract all the available videos on YouTube, and your link-only video would be exposed as well. This is called enumeration exploiting, which can cause serious data leaks depending on what your program is supposed to do.

The algorithm YouTube uses to make IDs for their videos is custom, but the purpose of my description is the same for UUIDs. Given a UUID such as 700234f5-0e45-452e-ae3a-70b4b3d024e1, you wouldn't know which UUID comes before or after it, since there is no order. As you can see, this can solve the enumeration exploit in your application.

Let's imagine that you have two database instances of the same system that you want to expand or just make a new cluster for some reason and then merge both instances. Given that the database structure is the same and you have complicated relations in your database, you might find it difficult to merge data without adjusting some values manually or with an automated task.

As you can see in the simple diagram above of an abstract database, you might have a table of orders which is related to both a product and a user.

Now let's think about this: in each of your database instances you only have 10 users, 10 products and 10 orders, which are numerically indexed from 1 to 10. Let's say in our first database instance order 2 is related to user 3, whose name is Adnan Babakan. In the other instance, order 2 is related to user 3 as well, but their name is Arian Amini. Even if we import the orders properly, and their IDs aren't referenced from other tables and their indexes are reassigned from 1 to 20, since the users are reindexed as well, our orders now reference the wrong users!

I suppose you see the problem and solution now.
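The merge problem described in this post can be reproduced end to end. The following is an added example, not code from the original article: it uses in-memory SQLite in place of MySQL, a reduced schema with only users and orders, and hypothetical helper names (`build_instance`, `merge`, `owners_after_merge`); all rows other than the two user names are constructed sample data.

```python
import itertools
import sqlite3
import uuid

SCHEMA = """
CREATE TABLE users  (id PRIMARY KEY, name TEXT);
CREATE TABLE orders (id PRIMARY KEY, user_id REFERENCES users(id), label TEXT);
"""

def sequential_ids():  # auto-increment style: every instance starts each table at 1
    counters = {"users": itertools.count(1), "orders": itertools.count(1)}
    return lambda table: next(counters[table])

def uuid_ids():  # random version 4 UUIDs: no counter that two instances could share
    return lambda table: str(uuid.uuid4())

def build_instance(tag, user3_name, new_id):
    """10 users and 10 orders; order 2 belongs to user 3, as in the article."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    users = [new_id("users") for _ in range(10)]
    for n, uid in enumerate(users, start=1):
        db.execute("INSERT INTO users VALUES (?, ?)",
                   (uid, user3_name if n == 3 else f"{tag}-user-{n}"))
    for n in range(1, 11):
        owner = users[2] if n == 2 else users[n - 1]
        db.execute("INSERT INTO orders VALUES (?, ?, ?)",
                   (new_id("orders"), owner, f"{tag}-order-{n}"))
    return db

def merge(dst, src, reindex):
    """Copy src into dst; reindex=True renumbers primary keys but leaves user_id as-is."""
    for table in ("users", "orders"):
        offset = dst.execute(f"SELECT MAX(id) FROM {table}").fetchone()[0]
        for row in src.execute(f"SELECT * FROM {table}").fetchall():
            pk = row[0] + offset if reindex else row[0]
            marks = ", ".join("?" * len(row))
            dst.execute(f"INSERT INTO {table} VALUES ({marks})", (pk, *row[1:]))

def owners_after_merge(id_factory, reindex):
    """Return the user names that A's order 2 and B's order 2 resolve to after the merge."""
    a = build_instance("A", "Adnan Babakan", id_factory())
    b = build_instance("B", "Arian Amini", id_factory())
    merge(a, b, reindex)
    query = ("SELECT u.name FROM orders o JOIN users u ON u.id = o.user_id "
             "WHERE o.label = ?")
    return tuple(a.execute(query, (f"{t}-order-2",)).fetchone()[0] for t in "AB")

if __name__ == "__main__":
    print(owners_after_merge(sequential_ids, True), owners_after_merge(uuid_ids, False))
```

With integer keys, copying the rows unchanged fails on a primary key collision, and renumbering them silently attaches the second instance's order 2 to the first instance's user 3; with UUID keys the rows are copied as they are and every reference still resolves to the right user.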