Home » Mysql » Why do web sites tend to use random id:s on database tables?

Why do web sites tend to use random id:s on database tables?

Posted by: admin November 30, 2017 Leave a comment

Questions:

I wonder why many web sites choose to use random id:s instead of incrementing from 1 on their database tables. I´ve searched without finding any good reasons, are there any?

Also, which is the best method to use? It seems quite inefficient to check if an id already exists before inserting the data, (takes a second query).

Thanks for your help!

Answers:

Under the hood, it is likely that they are using incremental ids in the database to identify rows, but the value that gets exposed to end users via the URL parameters is often made into a random string to make the sequence of available objects harder to guess.

It is really a matter of security through obscurity. It hinders automated scripts from proceeding through incremental values and attempting attacks via the URL, and it hinders automated scraping of site content.

If youtube, for example, used incremental ids instead of values like v=HSsdaX4s, you could download every by simply starting at v=1 and incrementing that value millions of times.

Questions:
Answers:

Sequential ids do not scale well (they become a synchronization bottle-neck in distributed systems).

Also, you don’t need to check if a newly generated random id already exists, you can just assume that it does not (because there are so many of them).

Questions:
Answers:

Are you sure that the id’s are random? or are they encoded? Either way it is for security.