
“Secure” is only meaningful against a defined threat model.

Most threat models for database IDs do not require their creation timestamp to be secret. Meanwhile every use case for database IDs requires them to be looked up in an index.



I've run multiple info-exfiltrating attacks based on timestamps and sequential identifiers against various actors. There you have your threat model. While I don't have any clue about your "most", I suggest you don't ignore this vector for your opsec.



