I have a web application where users can log in and read their messages. I used to use the ID primary key in the database to access and deal with users' messages through the site, such as (viewmessage/3), but I quickly realised I did not want to do that as it gave information to all users as to how many potential messages are stored in the database. Same idea with the users: to view a user's profile I used to use their ID, but that gives out how many users are on the site... So what I did is add a new column in each table called UrlKey; this key is a varchar(16) which is composed of 16 unique randomly generated numbers which I use to map to the ID on the server side.

My question now: is 16 too much or common practice (16^10)? Should I use just ints or a mix of ints and ASCII characters? Any guidelines or recommendations in terms of speed, security etc.? Thanks a lot.

+1  A: 

16^10 is a huge number; that is over 1 trillion messages.

If you use mixed-case letters and numbers, that gives you 62 characters to work with, and with 5 characters you already have 62^5 combinations; that's almost 1 billion combinations.

Bimmy
I originally used a mix, but then I thought it could pose security concerns if code gets injected or so. I don't know enough, so I decided to play it safe and only allow numbers.
+1  A: 

Most databases use a GUID or a UUID for a unique string instead of an auto-incremented id. Both can be stored as a 16-byte, 128-bit integer but are 32 characters.

I would use a GUID or a UUID. Then you are always going to be unique.

David Basarab
I want to use this 'GUID' across the site in my URL to access specific areas; the fact that it's 32 characters.... could it become an issue? You just made me realise my system is not scalable. I have a loop that generates a random key if the current key already exists, so I could get stuck in this loop for quite some time if my records get overwhelmingly large.
@user391986 I don't see how 32 characters is an issue. And why roll your own unique identifier when it has been done for you? Every major platform would have a method to generate a GUID or UUID.
David Basarab
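The key scheme discussed in the question and both answers, as an added Python example that is not code from the original thread: it compares the keyspace of the asker's 16-digit key with the base-62 and UUID options, estimates the odds of a collision with the birthday bound, validates a key's shape before it reaches any lookup (which is the answer to the worry about "code getting injected" through the URL parameter), and keeps the asker's retry loop bounded. The `MessageStore` class, its method names and the in-memory dictionary standing in for the messages table are assumptions for illustration; the ownership check in `view` is there because an unguessable key is not a substitute for authorization.

```python
import math
import secrets
import string
import uuid
from typing import Optional

# Alphabets from the thread: digits only (what the asker uses) and
# mixed-case letters plus digits (the 62-symbol alphabet of the first answer).
DIGITS = string.digits
BASE62 = string.ascii_letters + string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct keys of `length` symbols over an alphabet of that size."""
    return alphabet_size ** length


def collision_probability(keyspace_size: int, keys_issued: int) -> float:
    """Birthday-bound estimate of the chance that at least two of `keys_issued`
    uniformly random keys are equal: 1 - exp(-n^2 / 2N)."""
    return 1.0 - math.exp(-(keys_issued ** 2) / (2.0 * keyspace_size))


def random_key(length: int = 16, alphabet: str = DIGITS) -> str:
    """CSPRNG-backed key. `random.choice` would be predictable; `secrets` is not."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uuid_key() -> str:
    """Version-4 UUID (122 random bits) as the 32-hex-character string the
    second answer mentions; the hyphens are dropped for use in a URL."""
    return uuid.uuid4().hex


def is_well_formed(key: str, length: int, alphabet: str) -> bool:
    """Reject anything that is not exactly `length` symbols from `alphabet`
    before the value is used in a query or lookup."""
    return len(key) == length and all(c in alphabet for c in key)


class MessageStore:
    """Hypothetical in-memory stand-in for the messages table: the auto-increment
    id stays private, the UrlKey column is the only identifier exposed in URLs."""

    def __init__(self, key_length: int = 16, alphabet: str = DIGITS,
                 max_attempts: int = 5):
        self._by_key = {}  # UrlKey -> (id, owner, body); constructed sample data only
        self._next_id = 1
        self._key_length = key_length
        self._alphabet = alphabet
        self._max_attempts = max_attempts

    def insert(self, owner: str, body: str) -> str:
        # Bounded form of the asker's retry loop: with a large keyspace a
        # collision is astronomically unlikely, so giving up after a few tries
        # is safer than looping forever on a broken RNG or an exhausted keyspace.
        for _ in range(self._max_attempts):
            key = random_key(self._key_length, self._alphabet)
            if key not in self._by_key:
                self._by_key[key] = (self._next_id, owner, body)
                self._next_id += 1
                return key
        raise RuntimeError("could not allocate a unique UrlKey")

    def view(self, requester: str, key: str) -> Optional[str]:
        # Validate shape first, then look up, then enforce ownership.
        if not is_well_formed(key, self._key_length, self._alphabet):
            return None
        record = self._by_key.get(key)
        if record is None or record[1] != requester:
            return None
        return record[2]


if __name__ == "__main__":
    print("digits^16 keyspace:", keyspace(10, 16))
    print("62^5 keyspace:", keyspace(62, 5))
    print("p(collision) after 1e6 digit keys:", collision_probability(10 ** 16, 10 ** 6))
    print("p(collision) after 5e4 base62/5 keys:", collision_probability(62 ** 5, 50_000))
    store = MessageStore()
    k = store.insert("alice", "hello")
    print(k, store.view("alice", k), store.view("bob", k))
```

The numbers show why the first answer's 62^5 example is only "almost a billion": issuing fifty thousand such keys already gives better-than-even odds of a collision, whereas the asker's 10^16 digit keys stay far below one in ten thousand after a million records. The same `view` path would be written against the UrlKey column with a parameterized query; the shape check in front of it means an unexpected character never reaches the database layer.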