| ▲ | Hizonner 12 hours ago |
| Because anything that knows the primary key now knows the timestamp. The UUID itself leaks information. It's not that it's not adding security. It's that it's actually subtracting security. |
|
| ▲ | andy_ppp 8 hours ago | parent | next [-] |
| There’s every chance the API has timestamps on when it was inserted. Honestly I’d rather my data was ordered correctly than imagining the extremely rare situations that leaking the insert time is going to bring the world falling down. You usually want that information. And I’m honestly not a fan of public services using primary keys publicly for anything important. I’d much rather nice or shorter URLs. What might be an improvement is if you can look up records efficiently from the random bits of the UUID automatically, replacing the timestamp with an index. |
|
| ▲ | lucideer 12 hours ago | parent | prev [-] |
| > leaks information It would have to leak sensitive information to be "subtracting security", which implies you're relying on timestamp secrecy to ensure your security. This would be one of the "other problems" the gp mentioned. |
| |
| ▲ | atomicnumber3 12 hours ago | parent [-] | | Pretty much any information can be used for something. You're ignoring everything they say about how something not critical to application security may still not be desirable to be leaked for other reasons. Example: Target and Walmart may not depend on satellites being unable to image their parking lots from the perspective of loss prevention or corporate security. But it still leaks information they may not want financial analysts to know about their performance. | | |
| ▲ | lucideer 11 hours ago | parent | next [-] | | You've used an analogy instead of an example to demonstrate your point: analogies can be helpful for explaining concepts but are rarely accurate enough to prove logical parity. It would be much easier to discuss the merits of your argument if you had an example of the dangers of leaking creation timestamps for database entries. Otherwise, carparks & database creation timestamps have nothing in common that is meaningfully relevant to your argument. You cannot just generalise all worldly concepts & call it a day. | | |
| ▲ | atomicnumber3 6 hours ago | parent [-] | | The other post literally mentions using creation timestamps to judge growth rates of companies on a platform. My analogy was meant for a reader with a modicum of ability to connect dots to better interpret the parent and aunt/uncle replies. |
| |
| ▲ | limagnolia 11 hours ago | parent | prev [-] | | Sam Walton used to fly investors in his plane over Walmart stores and ask them to count the cars in the parking lot, then he would fly them over competitors stores and ask the same. Just a fun fact about how this is a very real scenario! |
|
|
