We have a database table that will be 10 million records. We do not want to use auto_increment, because it will allow our users to find out how many records we have. We do not want to disclose this to our competitors. The problem I see is that using a UUID or something similar will kill query performance.
for example, this is no-no:
http://domain.com/widgets?id=34345
because competitors can crawl the site to determine how many widgets we have. Should this business protection be handled at the application level or is it normal to handle it at the database level? What do most people do in this situation? The database we use is postgres, but I assume that the solution is still an agnostic of the database.
source
share