0

I am building a frontend application that makes API calls to a database which is simplified as below.

id type name
1 file file_1
2 folder photos
3 file bananas
4 folder my_folder
5 folder epic_folder

When a user visits a frontend URL such as '/folders/2' the API serves them the information it has regarding the item in the database. In this case, the requested file is a folder named 'photos'.

This seems like working for now, but it allows users to change the URL and get the information for the next item in my database.

Access control is not a matter of concern as the information relating to the items will be publicly available. However, this whole approach of using numbers and allowing users to guess the next item feels like a bad practice.

I considered some UUID's but I don't find them visually attractive to be used in a URL as they have too many dashes.

For instance, Google Drive has this URL structure: 'drive/folders/1xAlC15sDHPzOJPlEK_-dXT2pfVrrD3tb'

Or MongoDB generates a 24 character alphanumeric string for _id field: '631c13583fd1b9359e8ce810'

What would be a good way to generate a unique string for id column as in the examples, preferably in PostgreSQL?

brainf___enthusiast
  • 11
  • 2
  • 3
    UUIDs. Strip the dashes if you don't want them. A few other options [here](https://stackoverflow.com/questions/36533429/generate-random-string-in-postgresql). You'll need to store the value as an indexed column for quick lookups from your URL-handling code. – AdamKG Sep 23 '22 at 13:26
  • You can simply cast the numeric `id` to `text`... – Laurenz Albe Sep 23 '22 at 13:47
  • 1
    So why is `631c13583fd1b9359e8ce810` better than `9f875aec965b4f63a8870eddd111ba47` which is a UUID without the dashes. A UUID is also more efficient to store than a 24 character string. –  Sep 23 '22 at 14:01

0 Answers0