> On 27/01/2023 01:48 CET Ron <ronljohnso...@gmail.com> wrote:
>
> On 1/26/23 15:55, Erik Wienhold wrote:
> >
> > There are arguments against sequential PK, e.g. they give away too much
> > info and allow attacks such as forced browsing[2]. The first I can
> > understand: you may not want to reveal the number of users or customers.
> > But access control should prevent forced browsing.
>
> Shouldn't your application layer isolate the users from the database? UUIDs
> are all over the DBs I manage, but the PKs are all sequences.

Yes, I meant the application layer, not Postgres' access control.

--
Erik
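
The point discussed in this exchange, as an added example that is not part of the original messages: with a sequential PK, walking the id range only returns other users' rows when the application-layer lookup omits the ownership check. The `invoice` table, the handler names and the sample rows are hypothetical and constructed, and in-memory SQLite stands in for Postgres.

```python
import sqlite3

def make_db():
    """Constructed sample data: two customers, invoices with a sequential PK."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE invoice (
            id INTEGER PRIMARY KEY AUTOINCREMENT,  -- sequential, guessable
            owner TEXT NOT NULL,
            amount_cents INTEGER NOT NULL
        );
        INSERT INTO invoice (owner, amount_cents) VALUES
            ('alice', 1200), ('bob', 9900), ('alice', 450), ('bob', 70);
    """)
    return db

def get_invoice_unchecked(db, session_user, invoice_id):
    """No object-level check: any authenticated user can read any id."""
    return db.execute(
        "SELECT id, owner, amount_cents FROM invoice WHERE id = ?",
        (invoice_id,),
    ).fetchone()

def get_invoice_checked(db, session_user, invoice_id):
    """Ownership is part of the lookup, so a foreign id is
    indistinguishable from a missing one."""
    return db.execute(
        "SELECT id, owner, amount_cents FROM invoice "
        "WHERE id = ? AND owner = ?",
        (invoice_id, session_user),
    ).fetchone()

def visible_ids(handler, db, session_user, id_range):
    """Regression-test helper: which ids in a range does the handler
    return to session_user?"""
    return [i for i in id_range if handler(db, session_user, i) is not None]

if __name__ == "__main__":
    db = make_db()
    ids = range(1, 6)  # id 5 does not exist
    print("unchecked:", visible_ids(get_invoice_unchecked, db, "alice", ids))
    print("checked:  ", visible_ids(get_invoice_checked, db, "alice", ids))
```

The ownership check closes the cross-user read, but the ids a user legitimately sees still give a lower bound on the total row count, which is the information-disclosure argument the thread treats separately.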