do document IDs in Meteor need to be random or just unique? -
i'm migrating data rails system, , convenient assign migrated objects ids post0000000000001
, etc.
i've read here
creating meteor-friendly id's in mongo?
that meteor creates random 17 character strings
23456789abcdefghjklmnpqrstwxyzabcdefghijkmnopqrstuvwxyz
which looks chosen avoid possibly ambiguous characters (omits 1
, i
, etc.)
do ids need random reason? there security implications being able guess meteor document's id?! or easy way of generating unique ids?
mongo seems fine sequential ids:
http://docs.mongodb.org/manual/core/document/#the-id-field http://docs.mongodb.org/manual/tutorial/create-an-auto-incrementing-field/
so guess have meteor constraint if exists.
the ids need unique.
typically there element of order: such using integers, or timestamps, or sequentiality.
this can't work in meteor since inserts can come client, may disconnected period, or clients clocks may off/have varying latency. not possible know previous _id
(in case of sequential _id) @ time _id written owing latency compensation (instant inserts).
the consequence of lack of order in ddp protocol decision use entirely random ids. not can't use own _ids.
while there risk of collision strategy minimal on order of [number of docs in collection]/[55^17] * 100 %
or impossible. in event occurs client temporarily insert , cancel once server confirms error mongo duplicate key error.
also when comes security other answer. not of issue if _id of user known. not possible log in without valid hashed login token or retrieve information it. applies user collection of course. if have own collection guessable url containing id reference without publish method checks on eligibility read data risk high entropy random ids generated meteor can mitigate.
as long unique should ok use own ids.
Comments
Post a Comment