2

In a Database, we have tables such as, Users table, Posts table, and so on...

user_id             username
----------------------------
1                    ToTo
2                    TaTa
3                    TiTi

Accessing a User page, normally would only require the change of the parameter in the URL.

/User.php?id=2
/User.aspx?id=3
/User.jsp?id=4

On some websites (maybe Google Plus), the ID is a long string of numbers, I decreased my profile ID and increased it, many times, and tried to access those pages, there was no pages (Error 404), maybe some could say, that those users have deleted their profiles, but I think that this ID isn't incremented, its actually being generated.

What is the advantages of generating IDs? (Either a string of numbers or letters/numbers). When it should be used?

Ali Bassam
  • 9,691
  • 23
  • 67
  • 117
  • 1
    This question is probably not a good fit for StackOverflow; it's more philosophical than "how do I?".... You may want to research uniqueidentifiers (which is probably what you are seeing as strings) versus integers. – Stuart Ainsworth Mar 13 '13 at 01:34

1 Answers1

3

The auto-incrementing IDs are an easy way to guarantee a unique ID. Think of what you would need to do to guarantee its uniqueness without this feature! Functions were created for this, but still.. (e.g. Create a unique identifier using SQL)

Note that it is quite possible that you received a 404 just because you were not allowed access to the profile that you tried to access - when the ID you guessed may in fact have existed.

It is very likely that Google does not simply increment IDs from 1 to however many users they have. It would give an indication of the age of the account, and easy way to attempt to get access to a specific page for an account that is now made more obscure, and so on. It is also possible that the ID in question is in fact a (salted) hash of (parts of) e.g. your name.

Community
  • 1
  • 1
Spork
  • 1,631
  • 1
  • 21
  • 37
  • So using a Generated String for the ID, helps in obscuring the number of possible users, and doesn't allow someone to determine which user was created before the other! – Ali Bassam Mar 13 '13 at 14:08
  • Yup. Also: http://stackoverflow.com/questions/8078912/is-mysql-auto-increment-safe-to-use-as-userid – Spork Mar 13 '13 at 14:48
  • thanks for the link, it helped a lot, now I'm starting to wonder where I should use the auto increment... – Ali Bassam Mar 13 '13 at 16:26
  • You could also use UUIDs! – Spork Feb 12 '16 at 10:27