Safe to use a DB item Id inside url?

Hey, was just wondering if it's secure to use a database object ID (for example /recipe/639b9e04c57c616a5e738asd) inside the URL?
13 Replies
max14 (2y ago)
The reason is that I don't want the recipe title to be a unique field.
iDarkLightning
Yes
Alex (2y ago)
Just make sure you have some security set up so users can’t edit it without permission.
max14 (2y ago)
What would be a better way? Or would it just be better to have unique names and put the name inside the URL?
Alex (2y ago)
I think it’s good to use the ID in the URL. It doesn’t matter what unique information you put in the URL, but giving users this information can be dangerous if the data is not protected.
iDarkLightning
Protect your data anyway? The id is gonna be on the client at some point if you're fetching data on the page
benten (2y ago)
Only thing I'd be careful about with IDs is not using simple int index keys, as they can give away info about the structure of your DB and product. For example, if I go to /users/89 I know I'm the 89th user. Up to you if that's something you want known. Looks like you're using a UUID, so it's all good.
vrba (2y ago)
I would recommend using slugs that are generated based on some field. That makes the SEO a bit better if that is needed, and it also makes the user experience a bit better, since they can get a bit of the information from the URL.
max14 (2y ago)
Ah OK, thanks. Yeah, I'm using a UUID. I will do some validation to make sure you can't do anything with the IDs (i.e. make a recipe under someone else, etc.). How do I go about using slugs/snowflakes? Would I just add a slug field to the recipe and generate another UUID? I'm quite new to web app building, so not 100% sure.
needmorewood (2y ago)
From a user perspective, having some sort of unique readable name that's related to the page is ideal. From a dev and performance perspective, it's nicer using IDs/UUIDs.
needmorewood (2y ago)
It is if you are e-commerce, I think. Things like https://solid-movies.app/movie/436270 are OK, but imagine if it had the movie name: if I looked in my bookmarks I could discern which link I want, but bookmarking even just like 6 links like this isn't helpful.