undefined | Better HN

0 pointsfriend-monoid4y ago0 comments

I had this issue in a case I think is interesting; a customer had a database with incremental IDs of a certain product they sold. On a web platform, the product owner in turn could log in and view a list of their products and their status. The id of the product was part of the URL; /product/851. Of course, the product owners could not get any information on IDs they didn’t own, but the numbers gave away info on how many devices existed before them. And they wanted to hide that information.

Of course, there are many ways to solve that situation, but UUIDs is one.

0 comments

nimish4y ago

It's the german tank problem.

Serial IDs, with some light assumptions, leak information about the total count of items.

BenjiWiebe4y ago

Just pick a random number at the beginning, and start incrementing IDs from there. Like personal checks starting at 1000 so they're always(ish) 4 digit. Of course, maybe pick another starting number that's less obvious.

sk5t4y ago

That's not effective at all.

nimish4y ago

Still leaks count -- you do similar stuff to estimate the minimum and the maximum.

j / k navigate · click thread line to collapse

0 pointsfriend-monoid4y ago0 comments

Of course, there are many ways to solve that situation, but UUIDs is one.

0 comments

nimish4y ago

It's the german tank problem.

Serial IDs, with some light assumptions, leak information about the total count of items.

BenjiWiebe4y ago

sk5t4y ago

That's not effective at all.

nimish4y ago

Still leaks count -- you do similar stuff to estimate the minimum and the maximum.

j / k navigate · click thread line to collapse