I'm designing a Django Rest Framework API with PostgreSQL. In the database I'll be recording information about documents which can be requested for download. I want the request to include a unique id, so the server knows which document to retrieve. Every document can only be requested once by the one user who has its id value.
However, I read that using primary key values (in my case it would be a UUID generated by Python) outside of the database is insecure.
The question
So, can I use a UUID as primary key in the database and let users request the document by this UUID or should I generate another id for the user to request the document by? Any help is appreciated!
Best Answer
It doesn't matter much if you use a uuid or a bigint.
If you generate the keys in one database, using a bigint column with a sequence has the advantage that it uses only 8 bytes instead of 16. Also, counting an integer up is cheaper than generating a UUID.
UUIDs shine if keys are generated in several places independent from each other and the resulting identifier should still be globally unique.
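
The single-use, single-user requirement from the question, as an added example that is not part of the original question or answer: the id only selects the row, while the owner check and a conditional update enforce "once, by one user". It assumes sqlite3 as an offline stand-in for PostgreSQL, and the table, column and function names are hypothetical.

```python
import sqlite3
import uuid


def make_db():
    # In-memory SQLite stands in for PostgreSQL (assumption for this example).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE document ("
        " id TEXT PRIMARY KEY,"
        " owner TEXT NOT NULL,"
        " path TEXT NOT NULL,"
        " downloaded INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def add_document(conn, owner, path):
    # uuid4() is a random (version 4) UUID generated in Python, as in the question.
    doc_id = str(uuid.uuid4())
    conn.execute(
        "INSERT INTO document (id, owner, path) VALUES (?, ?, ?)",
        (doc_id, owner, path),
    )
    conn.commit()
    return doc_id


def claim_document(conn, doc_id, user):
    """Return the document path once for its owner; None in every other case."""
    try:
        doc_id = str(uuid.UUID(doc_id))  # reject malformed ids, normalise case
    except (ValueError, AttributeError, TypeError):
        return None
    # One conditional UPDATE: knowing the id is not enough, the caller must
    # also be the owner, and the row must not have been claimed before.
    cur = conn.execute(
        "UPDATE document SET downloaded = 1"
        " WHERE id = ? AND owner = ? AND downloaded = 0",
        (doc_id, user),
    )
    if cur.rowcount != 1:
        conn.rollback()
        return None
    row = conn.execute(
        "SELECT path FROM document WHERE id = ?", (doc_id,)
    ).fetchone()
    conn.commit()
    return row[0]
```

In Django the same conditional update can be written as `QuerySet.filter(...).update(...)`, which returns the number of rows matched.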