2

I am writing a Rails 3.1 program that allows a user to 'share' a picture with other people via email. A user clicks 'share this with person X', which then sends an email out to person X (who doesn't have to be registered with my app) with a link that will take them to the picture:

http://myapp.com/pictures/uuid 

The person clicks the link, is taken to my app and sees the picture.

This makes me think that my DB schema should have a Pictures table that has a UUID as a primary key, but I have not seen this done in Rails before (always autoincrement ints). I don't think autoincrements will work here because it would be too easy for people to guess arbitrary URLs and get to other people's pictures.

What is the best way to handle this in Rails?

1 Answer

2

You should leave the primary key of the table alone and let Rails autoincrement that.

I would create a string that is X random characters + id.to_s, and use that as the UUID. This way it's hard to guess and still guaranteed to be unique.

If you want your UUIDs to all be the same length, you could do a hash transformation on the resulting UUID, but then you'd want to do a check for uniqueness when saving to be sure.


4 Comments

So you are saying to have another DB column called like 'ExternalId' or something to represent the random characters, and then index on that?
Right, I'd have a second DB column. You could create a unique index on that column in your migration to enforce at the DB level, but you should definitely put a validation rule in your Pictures model to enforce uniqueness in the application logic.
If you generate a proper UUID though, is it even worth the effort to validate uniqueness? What are your advantages of using random characters + id.to_s in this case?
You could also store the MD5 sum of the image file, and use that as the lookup. An added benefit of that is that if someone uploads the same image twice, you only need to store it once - thus saving space.
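
The scheme discussed in the answer and comments above, as an added Ruby example that is not part of the original posts: the integer id stays the primary key, a second uniquely indexed column holds random characters + `id.to_s`, and share links resolve only through that column. `PictureStore`, `share_token`, `content_key`, the in-memory hashes standing in for the table and its unique index, and the 16 random bytes are assumptions made for the illustration.

```ruby
require "securerandom"
require "digest"

# Constructed in-memory stand-in for the pictures table (hypothetical names).
class PictureStore
  Picture = Struct.new(:id, :share_token, :data)

  def initialize
    @by_id = {}      # primary key: autoincrement integer, never put in a URL
    @by_token = {}   # stands in for a unique index on the share_token column
    @next_id = 1
  end

  # Random characters + id.to_s. SecureRandom draws from the OS CSPRNG;
  # 16 bytes gives 128 bits of randomness as 32 hex characters.
  def self.share_token_for(id, random_bytes: 16)
    "#{SecureRandom.hex(random_bytes)}#{id}"
  end

  # Fixed-length variant: hash the token. The uniqueness check in #create
  # is what guards against a collision after hashing.
  def self.fixed_length_token(token)
    Digest::SHA256.hexdigest(token)
  end

  def create(data)
    id = @next_id
    @next_id += 1
    token = self.class.share_token_for(id)
    raise "share_token already taken" if @by_token.key?(token)
    picture = Picture.new(id, token, data)
    @by_id[id] = picture
    @by_token[token] = picture
  end

  # The route /pictures/:token looks up by token only, so a guessed
  # integer such as "2" matches nothing.
  def find_by_share_token(token)
    @by_token[token.to_s]
  end
end

# A content-derived key such as the MD5 of the file is deterministic:
# the same bytes always give the same key, which is what allows
# de-duplication, and it contains no per-share randomness.
def content_key(data)
  Digest::MD5.hexdigest(data)
end
```

In a Rails model the same generation step would typically run in a `before_create` callback, with the unique index declared in the migration as the second comment describes.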
