Why is it a terrible idea? I have been using them for years without a single problem. I don't rely on them for create order. Terrible seem a bit extreme.
Thanks, Ben On Sat, Jan 28, 2023, 3:39 PM Erik Wienhold <e...@ewie.name> wrote: > > On 27/01/2023 01:48 CET Ron <ronljohnso...@gmail.com> wrote: > > > > On 1/26/23 15:55, Erik Wienhold wrote: > > > > > > There are arguments against sequential PK, e.g. they give away too > much info and > > > allow attacks such as forced browsing[2]. The first I can understand: > you may > > > not want to reveal the number of users or customers. But access > control should > > > prevent forced browsing. > > > > Shouldn't your application layer isolate the users from the database? > UUIDs > > are all over the DBs I manage, but the PKs are all sequences. > > Yes, I meant the application layer, not Postgres' access control. > > -- > Erik > > >
