De meilleurs identifiants grâce au composant Symfony UID

Transcript

1. De meilleurs identifiants grâce au composant Symfony UID

2. Hello :-) Thomas Calvet - fancyweb

3. A “name” that identifies “something”

4. A value that uniquely identifies a resource

5. The resource unicity depends of the perimeter

6. An elementary and essential knowledge for developers

7. Identifiers everywhere

8. What makes a good identifier?

9. Is one identifier format always enough?

10. Functional identifiers vs technical identifiers

11. Integer identifiers

12. Easy to use, to understand, to generate (auto increment) and

    performant 👍

13. Lexicographically sortable 👍

14. None

15. Generable only by a central point (database) ⚠

16. Guessable (IDOR) /user/22 ⚠

17. Information leak ⚠

18. Provides no additional context 🤔

19. Random string identifiers

20. Generable offline, not guessable, can be prefixed 👍

21. Probably a little harder to use, to understand, to generate

    and a little less performant 🤔

22. Data fragmentation / not lexicographically sortable ⚠

23. UUIDs (Universally Unique IDentifiers)

24. 3 UUIDs (canonical format)

25. RFC 4122

26. A very very very big integer (128 bits)

27. Theoretically unique because of the number of combinations

28. Identify a UUID version

29. Time based UUIDs (version 1 and 6)

30. Not lexicographically sortable UUID v1

31. MAC address leak UUID v1

32. Lexicographically sortable UUID v6

33. Random node UUID v6

34. Time based UUIDs make good primary keys

35. Timestamp leak ⚠

36. Name based UUIDs (version 3 and 5)

37. Hash of a namespace and a name

38. Reproductible

39. Version 3 = md5 Version 5 = sha1 Prefer version

    5

40. Random based UUID (version 4)

41. Only randomness

42. Version 4 UUIDs are good for random values (eg: tokens)

43. Version 2? ⚠

44. ULIDs (Universally unique Lexicographically sortable IDentifiers)

45. A ULID (canonical format)

46. Timestamp (48 bits) Randomness (80 bits) Close to a UUID

    v6

47. Lexicographically sortable

48. github.com/ulid/spec

49. “Compatible” with UUID

50. UUIDs and ULIDs are generable offline 👍

51. Storing UUIDs and ULIDs ⚠

52. UUIDs and ULIDs sum up 🤔

53. UUIDs vs ULIDs 🤔

54. Integers vs strings vs U[U|L]IDs 🤔

55. Using UUIDs and ULIDs in PHP

56. composer require symfony/uid

57. None

58. Integrated with other Symfony components

59. Not experimental anymore

60. Factories

61. Commands

62. Generate a UUID / ULID

63. Inspect a UUID / ULID

64. api.video study case

65. 2 letters prefix 128 bits of randomness to base 62

    A current identifier

66. The same identifiers everywhere

67. User eXperience and database issues

68. A clear prefix A ULID converted to base 58 New

    functional identifier

69. ULIDs converted to UUID canonical format New technical identifier

70. In the code

71. Transforming new identifiers (video_XXX) to VideoIdentifier

72. None
73. None
74. None

75. Sum up

76. Issues solved vs increased complexity

77. Backward compatibility

78. Many possible solutions

79. Generating new identifiers for all existing resources

80. None

81. Transforming legacy identifiers (viXXX) to VideoIdentifier

82. None
83. None

84. And so many more interesting challenges ;-)

85. Thank you