User name as DB ID
I am creating a simple web application.
Is it wrong to identify user by it's user name even in the application 开发者_StackOverflow中文版low level?
For example, say I have a authentication token table that has three columns: token, userID, expDate. Will it be wrong to put the user username in userID column?
Do I have to worry about the fact that everybody knows the user ID in my DB?
No, I don't think there's anything wrong with that particularly. I've seen that in practice at very big sites - just make sure that you have a unique constraint and index for that value (better, make it the primary key). Also, consider that using the username as their ID means you can't let the user change their username later without breaking existing links (say, if your user shares their user page externally).
I'm not sure, but there might be some overhead from using a string instead of a number. Also it could be a hassle to update other database tables if a user's username ever changes.
精彩评论