Ask HN: Best practices for creating unique IDs
Would you use your database's "auto increment" function, GUID function (if any), or simply assign a randomized alphanumeric string of N characters? Each method has pros and cons, but I have never been able to really settle on one. Lately I've been using random generation on the assumption that a sufficiently large number of characters (say, 32) makes the risk of duplication nearly non-existent - but not impossible.
When you've written something from scratch, which method have you most commonly used? I'm more interested in security than readability, but I can't find any data suggesting one method over another aside from the possibility of guessing an auto-incremented field.
6 comments
[ 3.2 ms ] story [ 22.4 ms ] threadI always figured people used GUIDs over ids to avoid the performance implications of re-pinging the database to get the new id. I would be cautious of creating my own GUID generation though. I'd assume that the db's GUID implementation is probably WAY better than anything one can hack together within a short time-frame.
I'm an auto-increment man (if I can get away with it). :)
I would expect that good authentication would negate the worry about this, but I don't always see every side of things ;)
What are you writing, anyway?
I'm trying to figure out a solution to a similar problem this week. I'm leaning towards an AES of an auto-increment ID + random salt and my coding partner wants to create a random MD5 hex digest and store it as a second key in the database. He's probably right but I'd like to avoid creating yet another index.
That's 2^120 possibilities - just guessing a valid id will require a lot of luck and a collision is very unlikely.
It cares more about readability than security but I guess it is safe enough.