GUIDs and UUIDs are cool, but this is cooler

Hello everybody, I'm Nick, and in this video I will show you how you can use sequential ids as primary keys in your database without having to worry about security vulnerabilities. This will allow you to have better potential database performance without having to worry about issues such as fragmentation if you use GUIDs or UUIDs as the primary key.

Timestamps
The problem - 0:00
The solution - 3:44
Library deep dive - 9:21
Performance - 12:31

Don't forget to comment, like and subscribe :)

#csharp #dotnet

Comments

In case it wasn't obvious in the video, this video is NOT against GUIDs. Distributed systems absolutely need them but distributed systems will probably use NoSQL databases which don't suffer from the problems outlined. Also, of course everything should have proper auth where needed and you shouldn’t rely on unguessable urls. This was never in question and was never brought up as a selling point of the library or the approach. It is assumed to be the bare minimum that you should have. The video is all about how you can keep using sequential IDs internally, if the only reason you wanted to move to GUIDs was the exposure of the data with a concern about losing database performance, without having to worry about exposing guessable ids and opening your system up to potential security problems. Sequential ids, both ints and guids, can give your competitors business intelligence for your system (user/order count, rate of growth etc). We need to acknowledge that there is a huge amount of people that don't work in scaled out, cloud native microservices, and this video is for them.

nickchapsas

Ah, I was wondering why the project was suddenly getting PRs today. I'm the current maintainer, thanks for highlighting this!

mg

A global seed stored in the app's code is usually called "pepper". "Salt" is what differs for every record, and is stored in the datastore.

egorsozonov

When you start with "Hello everybody" and your name is Nick, I immediately picture Dr. Nick from the Simpsons. Love your videos!

vladimirvarnaliev

Congrats on the 100K subs, well deserved man!

pablocom

I work on a large project where we originally used GUIDs as the primary key in the database, but for DB2 at least, the indexing was horrible because they were basically random and caused a lot of index cache misses. Switching to a sequential ID was the way to go for efficiency. But for exposing to web UIs, we keep a pair of dictionaries in the session state which map numeric IDs to guid and guid to numeric ID. Obviously just for the IDs we need to return to the user. Works pretty well.

davidwilliss
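
The session-scoped mapping described in the comment above, sketched in C# as an added example (not the commenter's code and not code from the video). `SessionIdMap` and its method names are hypothetical, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical helper: one instance is kept in each user's session state.
public sealed class SessionIdMap
{
    private readonly Dictionary<long, Guid> _toPublic = new();
    private readonly Dictionary<Guid, long> _toInternal = new();

    // Outbound: reuse the token already issued for this row in this session,
    // or mint a new one from 16 CSPRNG bytes (an assumption of this example).
    public Guid Expose(long internalId)
    {
        if (!_toPublic.TryGetValue(internalId, out var token))
        {
            token = new Guid(RandomNumberGenerator.GetBytes(16));
            _toPublic[internalId] = token;
            _toInternal[token] = internalId;
        }
        return token;
    }

    // Inbound: only tokens issued in this session resolve to a database key.
    public bool TryResolve(string presented, out long internalId)
    {
        internalId = 0;
        return Guid.TryParse(presented, out var token)
            && _toInternal.TryGetValue(token, out internalId);
    }
}

public static class Demo
{
    public static void Main()
    {
        var alice = new SessionIdMap();
        var bob = new SessionIdMap();
        string token = alice.Expose(1041).ToString(); // constructed sample key

        // Same session: resolves back to the sequential key.
        Console.WriteLine(alice.TryResolve(token, out var id) ? $"alice -> {id}" : "alice -> rejected");
        // Another session, or a raw sequential id, resolves to nothing.
        Console.WriteLine(bob.TryResolve(token, out _) ? "bob -> resolved" : "bob -> rejected");
        Console.WriteLine(alice.TryResolve("1042", out _) ? "raw id -> resolved" : "raw id -> rejected");
    }
}
```

Because the dictionaries live in session state, the tokens stop resolving when the session ends, so this pattern does not suit links that must outlive it.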

Hi Nick, very nice video, I've also been using some other ID format called KSUID (k-sortable unique ID), these are basically smaller for storage than UUID but with more entropy bytes and I really loved them. They are sequential sortable by design, so no encode/decode has to take place.
There is support in a range of programming languages nowadays (originally coming from Go).
I would love to see a video on them, too.

davidkroll

You talk about the security aspect of sequential ids at the beginning, which I appreciate.
But if you don't keep the HashId-seed secret, it has basically the same problem: an attacker just needs to decode the hash into a sequential id, increment or decrement and encode again to get another possibly valid hash.
Well, eventually, authorization should anyway be enforced in other ways, because hashes, guids and sequential ids can always leak, and that shouldn't give non-authorized people any power in a secure system.

asdfxyz_randomname

Thank you Nick. I really like the idea to hide the real sequential integer id. Without the drawback of the performance issues of a guid.
Also, being able to "hash" multiple ids is great. Sometimes you need it.
Great explanation also. :-)

Kingside

Great video as always Nick. Please please create a video on optimizing GUIDs as IDs Nick 🙏

mrzoobidoo

4:36 - The term “hash” and “hashing” long predates crypto as a term of art in computing. It simply refers to the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hash ID perfectly describes this use case and is not even slightly arbitrary in meaning or application. In fact, cryptography is a form of hashing but hashing is not necessarily cryptographic. That is to say, hashing doesn’t necessarily obfuscate the original value. Take, for example, a hashtag. To go full circle, GUIDs and UUIDs are also hashes.

robertholtz

This is one way to do it, I typically just use a secondary unique index with uuids. My queries/joins use the typical relationship integer ids but I don't expose those as identifiers or in my db code. That is a better way architecturally imho since the monotonic ids are actually leaking your db implementation details, making it harder to swap out your database and the ID generator inside the database becomes a singleton service that is difficult to replace.

chadgrant

It was nice to see you directly saying the outro 😀
And congratulations for the 100k subs, you really deserve it 🎉

najibmestaoui

Yes please on the "optimise Guids for RDB" idea! Thanks for the vid.

adamdiament

What a great idea. We've been using GUID and had to add an additional incremental column to get around indexing and paging limitations. Too late to rewrite everything now, but for new projects this is definitely a much better way to go about it.

buriedstpatrick

It's nice to have options for different types of IDs to be used in different situations. GUIDs are nice sometimes, integers are nice other times. I've really enjoyed Flake IDs in some distributed situations, and hash-based IDs are great for these user-visible URL situations you're describing. Picking the right format of IDs for the right use-cases, and being able to cheaply translate between them when necessary, is important for the good design of many systems.

wknight

We use Type 1 UUIDs which are sequential. I believe Cassandra uses them for the clustering key also. Also guaranteed unique with no conversion required. You can also represent the UUID as Base64: "Ej5FZ-ibEtOkVkJmVUQAAA". 22 chars instead of 36.

KangoV

Congratulations on reaching 100K subscribers....

As usual you present good value and good explanations! Keep up the good work!

rockymarquiss

Interesting. Previously I have used checksums to improve performance when searching strings.
More for urls, emails, etc. where you have to store the full thing, but you want more optimal indexing.

daninmanchester

Congrats on 100K subscribers. Your videos always give some new knowledge and ideas.

santoshyogiindia