tags:

views:

77

answers:

1
+1  Q: 

Database Design Question: GUID + Natural Numbers

For a database I'm building, I've decided to use natural numbers as the primary key. I'm aware of the advantages that GUID's allow, but looking at the data, the bulk of row's data were GUID keys.

I want to generate XML records from the database data, and one problem with natural numbers is that I don't want to expose my database key's to the outside world, and allow users to guess "keys." I believe GUID's solve this problem.

So, I think the solution is to generate a sparse, unique iD derived from the natural ID (hopefully it would be 2-way), or just add an extra column in the database and store a guid (or some other multibyte id)

The derived value is nicer because there is no storage penalty, but it would be easier to reverse and guess compared to a GUID.

I'm (buy) curious as to what others on SO have done, and what insights they have.

+1  A: 

What you can do to compute a "GUID" is to calculate a MD5 hash of the ID with some salt (table name for instance), load this into a GUID and set a few bits so that it is a valid version 3 (MD5) GUID.

This is almost 2-way since you can have a SQL computed column (which can also be indexed in certain cases) holding the GUID without persisting it in the table, and you can always re-compute a GUID with the correct ID and salt, which should be harder for users since they don't know the salt nor the actual ID.

Lucero  2010-05-20 23:09:56
That would be one-way, correct, so I'd have to store the value in the database, so why not use a GUID (since the MD5 would result in 16 bytes anyway).
Alan  2010-05-20 23:13:58
Because the GUID is computable from the ID and the table (as "namespace" component of the V3 GUID), you don't have to store or transfer it when not dealing with the outside world. An indexed computed column (if your RDBMS supports it) then makes sure that lookups are still fast.
Lucero  2010-05-20 23:25:06
Thank you. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
Alan  2010-05-20 23:29:26
My *newsletter*? What?
Lucero  2010-05-21 11:08:50
Simpsons Quote. Just means, thank you for your answer. It was a good one :)
Alan  2010-05-23 08:34:41
Ah, okay. I'm not that familiar with the Simpsons (unbelievable, I know... ;) ).
Lucero  2010-05-23 15:53:14

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP