Quarkus: Allow alternative IDs for PanacheEntity POJOs

Created on 1 Dec 2019 · 3 Comments · Source: quarkusio/quarkus

Currently, PanacheEntity will automatically have a Long ID field added, but sequential IDs are considered a bad practice in security circles because of the predictability. It would be useful if there were a way to have PanacheEntity use alternate methods of generating the unique ID (e.g. UUIDs).

References:
https://www.clever-cloud.com/blog/engineering/2015/05/20/why-auto-increment-is-a-terrible-idea/
https://phil.tech/http/2015/09/03/auto-incrementing-to-destruction/
https://medium.com/@hakibenita/bullet-proofing-django-models-c080739be4e#.xy7x1u2qj

The gist is that if you use a sequential ID for your data, you can expose much more data than you intend, make it easier for malicious parties to attack your application, and you can potentially violate regulatory requirements around privacy.

All 3 comments

@InfoSec812 instead of extending PanacheEntity you can alternatively extend from PanacheEntityBase and define a custom ID strategy.

The Quarkus documentation about custom ID with Panache is here: https://quarkus.io/guides/hibernate-orm-panache#custom-ids

@InfoSec812 is it what you're looking for? Can we close the issue?

Dang! And I tried so hard to make sure that I looked to see if there was already an option and I didn't find it. Yes, extending PanacheEntityBase appears to be a good solution for me. Cheers!
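
The approach suggested in the comments above, as an added example that is not from the issue thread or from the Quarkus project: an entity that extends PanacheEntityBase and declares a UUID primary key. The `Customer` class, its `name` field and the `findByPublicId` helper are hypothetical names.

```java
// Added example; Customer, name and findByPublicId are hypothetical names.
// Quarkus 3.x imports shown; Quarkus 1.x/2.x uses javax.persistence instead.
import io.quarkus.hibernate.orm.panache.PanacheEntityBase;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.Id;

import java.util.Optional;
import java.util.UUID;

@Entity
public class Customer extends PanacheEntityBase {

    // Replaces the sequential Long id that PanacheEntity would add.
    // For a UUID-typed attribute, Hibernate ORM's default generator
    // assigns a random UUID when the entity is persisted.
    @Id
    @GeneratedValue
    public UUID id;

    public String name;

    // Look up an entity from an ID received as untrusted text (for
    // example a URL path segment). Malformed input yields an empty
    // result instead of an exception reaching the caller.
    public static Optional<Customer> findByPublicId(String raw) {
        final UUID parsed;
        try {
            parsed = UUID.fromString(raw);
        } catch (IllegalArgumentException | NullPointerException e) {
            return Optional.empty();
        }
        Customer found = findById(parsed);
        return Optional.ofNullable(found);
    }
}
```

A random identifier only removes the predictability described in the issue; each lookup still needs its own authorization check on the returned record.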
