| ▲ | delifue a day ago | |
I disagree with this > While UUIDv7 still contains random data, relying on the primary key for security is considered a flawed approach The correct way is 1. generate ID on server side, not client side 2. always validate data access permission of all IDs sent from client Predictable ID is only unsafe if you don't validate data access permission of IDs sent from client. Also, UUIDv7 is much less predictable than auto-increment ID. But I do agree that having create time in public-facing ID can leak analytical information. | ||