by friend-monoid 1851 days ago
I had this issue in a case I think is interesting; a customer had a database with incremental IDs of a certain product they sold. On a web platform, the product owner in turn could log in and view a list of their products and their status. The id of the product was part of the URL; /product/851. Of course, the product owners could not get any information on IDs they didn’t own, but the numbers gave away info on how many devices existed before them. And they wanted to hide that information.

Of course, there are many ways to solve that situation, but UUIDs are one.

1 comments

It's the German tank problem.

Serial IDs, with some light assumptions, leak information about the total count of items.

Just pick a random number at the beginning, and start incrementing IDs from there. Like personal checks starting at 1000 so they're always(ish) 4 digit. Of course, maybe pick another starting number that's less obvious.
That's not effective at all.
Still leaks count -- you do similar stuff to estimate the minimum and the maximum.
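
Added example, not part of the thread: a Python sketch of the estimate the comments refer to, which a site owner can run against their own ID scheme to see what a handful of observed IDs gives away. The function names and the scenario (851 products, numbering started at 1000, 10 IDs observed) are constructed for illustration.

```python
import random
import uuid

def estimate_count_from_one(ids):
    """Classic German tank estimate; assumes numbering started at 1."""
    k, m = len(ids), max(ids)
    return m + m / k - 1

def estimate_count_any_start(ids):
    """Estimate from the spread between min and max; the start is irrelevant."""
    k = len(ids)
    if k < 2:
        raise ValueError("need at least two observed IDs")
    return (max(ids) - min(ids)) * (k + 1) / (k - 1) - 1

def mean_estimate(true_count, start, k, trials, seed):
    """Average the spread-based estimate over many constructed samples."""
    rng = random.Random(seed)
    issued = range(start, start + true_count)  # sequential IDs from `start`
    runs = [estimate_count_any_start(rng.sample(issued, k)) for _ in range(trials)]
    return sum(runs) / trials

def estimate_from_uuids(k):
    """Same estimator applied to random UUIDv4 values read as integers."""
    return estimate_count_any_start([uuid.uuid4().int for _ in range(k)])

if __name__ == "__main__":
    # Constructed scenario: 851 products, numbering started at 1000,
    # an observer who has seen 10 of the IDs.
    print("serial IDs, start=1000:", round(mean_estimate(851, 1000, 10, 2000, seed=1)))
    print("UUIDv4 IDs:            ", f"{estimate_from_uuids(10):.3e}")
```

With sequential IDs the average estimate lands close to the true count whatever the starting number is; with random UUIDs the same arithmetic returns a value on the order of the 128-bit ID space, unrelated to how many items exist.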