I have URLs that look like this:
http://domain.com/object/23/
I would prefer the 23 to not be sequential and fairly random. I've seen many other posts on Stack Overflow asking the same thing, but my requirements are a bit different than what I have seen.
Many of the people using the site are competitors, and it would be easy for them to poke around with some numbers to get competitive information. I'm not doing this for security and I understand that security through obscurity is a waste of time. I'm just looking for a quick way to keep people from poking around.
I'm doing this with Python/SQLAlchemy with a Postgres database. I've looked at UUID primary keys, but they seem like a large performance hit as I have a lot of joins happening. I could also do UUIDs in an additional column, then do all joins based off of the sequential integral primary key.
Most tables that need this would have less than 1000 records. But 1 table would have a few million records. Without that table I would just use UUID and be done with it. But since I do, I don't really think UUID is a great choice.
The real question is what are my other options then.
1. Use a sequential numeric primary key, but encrypt/decrypt it on the fly when outside of the database with some lightweight algorithm.
2. Use a separate column with a SHA-1 hash (or other hash) of the primary_key + secret_key that is generated on the row's creation. I could then just find the row via this hash and then do all the joins on the normal pk.
Performance is the most important thing here, while still maintaining some level of randomness with a low chance of collision. What are the best options for the encryption/decryption for #1, or what is the best hash algorithm for #2? Is there a way more obvious than either of these 2? With a few million rows, is UUID not going to slow me down too much, and that's the solution?
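Option #1 from the question, sketched as an added example that is not part of the original post: a small keyed Feistel network maps each 32-bit sequential primary key to a unique, non-sequential public id and back, so no extra column or index is needed and collisions cannot occur. The key value, function names and the 32-bit id range are assumptions made for this illustration, and the mapping only discourages enumeration; it does not replace an authorization check on each object.

```python
import hashlib
import hmac

# Assumption: hypothetical secret for this example; load it from configuration.
SECRET_KEY = b"constructed-example-key"
HALF_BITS = 16                        # two 16-bit halves -> 32-bit id space
HALF_MASK = (1 << HALF_BITS) - 1
ID_LIMIT = 1 << (2 * HALF_BITS)
ROUNDS = 4


def _round(half: int, rnd: int, key: bytes) -> int:
    """Keyed round function: HMAC-SHA256 over (round, half), cut to 16 bits."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big")


def obfuscate_id(pk: int, key: bytes = SECRET_KEY) -> int:
    """Map a sequential primary key to the id exposed in the URL."""
    if not 0 <= pk < ID_LIMIT:
        raise ValueError("primary key outside the 32-bit range")
    left, right = pk >> HALF_BITS, pk & HALF_MASK
    for rnd in range(ROUNDS):
        # Feistel step: (L, R) -> (R, L xor F(R)); invertible for any F.
        left, right = right, left ^ _round(right, rnd, key)
    return (left << HALF_BITS) | right


def reveal_id(public_id: int, key: bytes = SECRET_KEY) -> int:
    """Recover the primary key from a URL id before querying the database."""
    if not 0 <= public_id < ID_LIMIT:
        raise ValueError("public id outside the 32-bit range")
    left, right = public_id >> HALF_BITS, public_id & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        # Undo one step: (L', R') -> (R' xor F(L'), L').
        left, right = right ^ _round(left, rnd, key), left
    return (left << HALF_BITS) | right


if __name__ == "__main__":
    for pk in (22, 23, 24):
        public = obfuscate_id(pk)
        print(pk, "->", public, "->", reveal_id(public))
```

Because the mapping is a permutation of the 32-bit range, joins and lookups keep using the integer primary key; only the view layer calls `obfuscate_id` when building URLs and `reveal_id` when parsing them.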