
Better identifiers thanks to the Symfony UID component


Identifiers, whether technical or functional, are essential because they let us register the various resources we handle in our projects. They can take several forms: integers, strings, UUIDs, etc. Which format is the most understandable? Which is the most performant? In this talk I propose to discuss this fascinating topic, in particular by (re)discovering the Symfony UID component. Through a real-world experience report, I will also address backward compatibility when migrating existing identifiers.


Thomas Calvet

April 09, 2021

Transcript

  1. Better identifiers thanks to the Symfony UID component

  2. Hello :-) Thomas Calvet - fancyweb

  3. A “name” that identifies “something”

  4. A value that uniquely identifies a resource

  5. The uniqueness of a resource depends on the scope

  6. An elementary and essential knowledge for developers

  7. Identifiers everywhere

  8. What makes a good identifier?

  9. Is one identifier format always enough?

  10. Functional identifiers vs technical identifiers

  11. Integer identifiers

  12. Easy to use, to understand, to generate (auto increment) and performant 👍

  13. Lexicographically sortable 👍

  15. Generable only by a central point (database) ⚠

  16. Guessable (IDOR) /user/22 ⚠

  17. Information leak ⚠

  18. Provides no additional context 🤔

  19. Random string identifiers

  20. Generable offline, not guessable, can be prefixed 👍

  21. Probably a little harder to use, to understand, to generate, and a little less performant 🤔

  22. Data fragmentation / not lexicographically sortable ⚠

  23. UUIDs (Universally Unique IDentifiers)

  24. 3 UUIDs (canonical format)

  25. RFC 4122

  26. A very very very big integer (128 bits)

  27. Theoretically unique because of the number of combinations

  28. Identify a UUID version

  29. Time based UUIDs (version 1 and 6)

  30. UUID v1: not lexicographically sortable

  31. UUID v1: MAC address leak

  32. UUID v6: lexicographically sortable

  33. UUID v6: random node

  34. Time based UUIDs make good primary keys

  35. Timestamp leak ⚠

  36. Name based UUIDs (version 3 and 5)

  37. Hash of a namespace and a name

  38. Reproducible

  39. Version 3 = MD5, version 5 = SHA-1. Prefer version 5

  40. Random based UUID (version 4)

  41. Only randomness

  42. Version 4 UUIDs are good for random values (e.g. tokens)

  43. Version 2? ⚠

  44. ULIDs (Universally unique Lexicographically sortable IDentifiers)

  45. A ULID (canonical format)

  46. Timestamp (48 bits) + randomness (80 bits). Close to a UUID v6

  47. Lexicographically sortable

  48. github.com/ulid/spec

  49. “Compatible” with UUID

  50. UUIDs and ULIDs are generable offline 👍

  51. Storing UUIDs and ULIDs ⚠

  52. UUIDs and ULIDs sum up 🤔

  53. UUIDs vs ULIDs 🤔

  54. Integers vs strings vs U[U|L]IDs 🤔

  55. Using UUIDs and ULIDs in PHP

  56. composer require symfony/uid

  58. Integrated with other Symfony components

  59. Not experimental anymore

  60. Factories

  61. Commands

  62. Generate a UUID / ULID

  63. Inspect a UUID / ULID

  64. api.video case study

  65. A current identifier: 2-letter prefix + 128 bits of randomness in base 62

  66. The same identifiers everywhere

  67. User eXperience and database issues

  68. New functional identifier: a clear prefix + a ULID converted to base 58

  69. New technical identifier: ULIDs converted to UUID canonical format

  70. In the code

  71. Transforming new identifiers (video_XXX) to VideoIdentifier

  75. Sum up

  76. Issues solved vs increased complexity

  77. Backward compatibility

  78. Many possible solutions

  79. Generating new identifiers for all existing resources

  81. Transforming legacy identifiers (viXXX) to VideoIdentifier

  84. And so many more interesting challenges ;-)

  85. Thank you
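The api.video scheme from slides 65 to 71 (a functional identifier `video_` + base58 ULID for users and URLs, and the same ULID in RFC 4122 canonical form as the technical identifier for the database), as an added example written in PHP with the Symfony UID component; this is not api.video's or the talk's code, and the `VideoIdentifier` class, its method names and its validation rule are this example's own assumptions. It assumes PHP 8 and `symfony/uid` installed with Composer.

```php
<?php
declare(strict_types=1);

use Symfony\Component\Uid\Ulid;

// Hypothetical value object modelled on the VideoIdentifier from the talk (not api.video's code).
final class VideoIdentifier
{
    private const PREFIX = 'video_';
    // Symfony's base58 alphabet (Bitcoin-style, no 0/O/I/l); toBase58() always yields 22 chars.
    private const BASE58_RE = '/^[1-9A-HJ-NP-Za-km-z]{22}$/';

    private function __construct(private Ulid $ulid) {}

    // New resource: the ULID is generated offline, no database round trip needed.
    public static function generate(): self
    {
        return new self(new Ulid());
    }

    // Functional form, seen by users and in URLs: "video_" + base58(ULID).
    public static function fromFunctional(string $id): self
    {
        if (!str_starts_with($id, self::PREFIX)) {
            throw new \InvalidArgumentException('Expected a "video_" prefix.');
        }
        $encoded = substr($id, \strlen(self::PREFIX));
        if (!preg_match(self::BASE58_RE, $encoded)) {
            throw new \InvalidArgumentException('Expected 22 base58 characters after the prefix.');
        }
        return new self(Ulid::fromString($encoded)); // fromString() accepts base58, base32 and RFC 4122
    }

    // Technical form, stored in the database: the same 128 bits in RFC 4122 canonical layout.
    public static function fromTechnical(string $uuid): self
    {
        return new self(Ulid::fromString($uuid));
    }

    public function toFunctional(): string
    {
        return self::PREFIX.$this->ulid->toBase58();
    }

    public function toTechnical(): string
    {
        return $this->ulid->toRfc4122();
    }
}

// Round trip: the URL form and the database form carry the same bits.
$id = VideoIdentifier::generate();
assert(VideoIdentifier::fromFunctional($id->toFunctional())->toTechnical() === $id->toTechnical());
assert(VideoIdentifier::fromTechnical($id->toTechnical())->toFunctional() === $id->toFunctional());
```

If the column is a BINARY(16) rather than a CHAR(36), the same ULID can be stored with `toBinary()` instead of `toRfc4122()`, which is the storage concern raised on slide 51.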