Jeff Davis wrote:
> On Mon, 2011-05-02 at 23:07 -0400, Greg Smith wrote:
>
>> I see this whole area as being similar to SQL injection. The same way
>> that you just can't trust data input by the user to ever be secure, you
>> can't trust inputs to your database will ever be unique in the way you
>> expect them to be.
>>
>
> So, don't trust them to be unique then. Make up your own unique
> identifier, and use that.
>
If you're making up your own unique identifier, that's closer to a
surrogate key as far as I'm concerned, even though it doesn't fit the
strict definition of that term (it doesn't have the subtle idea that
"surrogate" implies "meaningless"). Now, there is some value to doing
that well, instead of just using the typical incrementing integer
"pointer" approach, as you've called it. But if it's not derived from
external data you're storing anyway, it's not a true natural key either.
--
Greg Smith 2ndQuadrant US greg@2ndQuadrant.com Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.us
"PostgreSQL 9.0 High Performance": http://www.2ndQuadrant.com/books
