Jeff Davis wrote:
On Mon, 2011-05-02 at 23:07 -0400, Greg Smith wrote:
I see this whole area as being similar to SQL injection. The same way
that you just can't trust data input by the user to ever be secure, you
can't trust inputs to your database will ever be unique in the way you
expect them to be.
So, don't trust them to be unique then. Make up your own unique
identifier, and use that.
If you're making up your own unique identifier, that's closer to a
surrogate key as far as I'm concerned, even though it doesn't fit the
strict definition of that term (it doesn't have the subtle idea that
"surrogate" implies "meaningless"). Now, there is some value to doing
that well, instead of just using the typical incrementing integer
"pointer" approach, as you've called it. But if it's not derived from
external data you're storing anyway, it's not a true natural key either.
--
Greg Smith 2ndQuadrant US greg@xxxxxxxxxxxxxxx Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.us
"PostgreSQL 9.0 High Performance": http://www.2ndQuadrant.com/books
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
