On Mar 18, 2008, at 2:40 PM, Campbell, Lance wrote:
> Why use a random number as a primary key? Security via obscurity.
>
> I build web applications for a living. In most of my applications
> it is
> preferable to use a random primary key. Why?
Don't expose the actual ID to the end user; only expose a reversible
encrypted form of it. We use a relatively simple hash + check
character. If you have several examples of it, you can reverse
engineer it, but the casual "hacker" is easily thwarted.
You can use stronger encryption on the number when exposed to end
users if you need. You're making your DB overly complex.
