Lauren Daniel Stegman wrote:
> I have a database where users only have access to certain records.
> A table called ACCESS_CONTROL is used to record which records a given userid
> is allowed to access.
> To impede unauthorized "snooping" all userids are 32 character randomized
> strings. Since the ACCESS_CONTROL table needs to be checked for every query
> to determine record access rights, is this design going to get really slow
> as the database gets big?
> I wonder if it would be better to have an auto-incremented unique integer
> identifier for each user. This would be the key in the AUTH_USER table
> (which stores all user information) and a foreign key in the ACCESS_CONTROL
> table. Then an extra query or join would check if the randomized 32
> character userid (saved in the AUTH_USER table) matches the login id?
> Suggestions would be greatly appreciated.
Your second design seems better to me.
It should be faster too, because you check integers not strings.
Another optimisation could be to grab the user id only once, and then reuse it in
Obviously this depends on your client side.
PS: Sorry for the late answer, I was really busy.
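
The second design from the thread, as an added example that is not part of the original messages: AUTH_USER holds the integer key and the 32-character random userid, ACCESS_CONTROL references the integer key, the random string is resolved to the integer once, and every data query joins on it. The RECORDS table, the column names, the sample rows and the use of SQLite are assumptions made for illustration.

```python
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE AUTH_USER (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    userid TEXT NOT NULL UNIQUE           -- 32-character random string
);
CREATE TABLE RECORDS (                    -- hypothetical protected table
    id   INTEGER PRIMARY KEY,
    body TEXT NOT NULL
);
CREATE TABLE ACCESS_CONTROL (
    user_id   INTEGER NOT NULL REFERENCES AUTH_USER(id),
    record_id INTEGER NOT NULL REFERENCES RECORDS(id),
    PRIMARY KEY (user_id, record_id)      -- doubles as the lookup index
);
"""

def build_db():
    """Create an in-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    tokens, ids = {}, {}
    for name in ("alice", "bob"):
        tokens[name] = secrets.token_hex(16)   # 16 random bytes -> 32 hex chars
        ids[name] = db.execute(
            "INSERT INTO AUTH_USER (userid) VALUES (?)", (tokens[name],)).lastrowid
    db.executemany("INSERT INTO RECORDS VALUES (?, ?)",
                   [(1, "r1"), (2, "r2"), (3, "r3")])
    # Constructed grants: alice may read records 1 and 2, bob only record 3.
    db.executemany("INSERT INTO ACCESS_CONTROL VALUES (?, ?)",
                   [(ids["alice"], 1), (ids["alice"], 2), (ids["bob"], 3)])
    return db, tokens

def resolve_user(db, userid):
    """Map the random userid to the integer key once; None if unknown."""
    row = db.execute(
        "SELECT id FROM AUTH_USER WHERE userid = ?", (userid,)).fetchone()
    return row[0] if row else None

def readable_records(db, user_id):
    """Return only the record ids granted to this integer user id."""
    rows = db.execute(
        "SELECT r.id FROM RECORDS r "
        "JOIN ACCESS_CONTROL a ON a.record_id = r.id "
        "WHERE a.user_id = ? ORDER BY r.id", (user_id,))
    return [r[0] for r in rows]
```

An unknown userid resolves to None, and a query made with None matches no ACCESS_CONTROL row, so the check fails closed.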