-
-
Save anthowen/9dab0b29c6349fb6b2e5b58b611cc99f to your computer and use it in GitHub Desktop.
DB Best Practices & PostgreSQL Snowflake ID Generator Function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CREATE SEQUENCE IF NOT EXISTS public.global_id_sequence; | |
CREATE OR REPLACE FUNCTION id_generator(OUT result BIGINT) AS $$ | |
DECLARE | |
epoch BIGINT := 1610850820000; | |
seq_id BIGINT; | |
now_millis BIGINT; | |
shard_id INT := 1; | |
BEGIN | |
SELECT nextval('public.global_id_sequence') % 1024 INTO seq_id; | |
SELECT FLOOR(EXTRACT(EPOCH FROM clock_timestamp()) * 1000) INTO now_millis; | |
result := (now_millis - epoch) << 23; | |
result := result | (shard_id << 10); | |
result := result | (seq_id); | |
END; | |
$$ LANGUAGE PLPGSQL; |
best practices for protecting your db before deploying:
- back it up
- don't expose it to the internet
- sanitize/escape inputs
- ensure no sequential IDs
- Always run up to date version to ensure no vulnerabilities
- Limit access
- Separate your database server from your app server
- If your backing up your db make sure it’s encrypted
- make sure to turn synchronization off if you use that in dev!
- Automated snapshots.
- a strong master password
- Create an under priviliged user for the services connecting to it.
- Think about a more resilient rollback strategy if you can handle that from a financial point of view (replication factor, main/replicas, bluegreen, etc)
- Use SSL certificate to encrypt the connection between your backend and the DB.
- Specific user with explicit rights for your data layer connection. i.e. dont just use root
- Use soft delete
- Have a regular process of testing and certifying said backups work. That way you verify there are good and you know how to quickly recover when something does happen. Rather than figuring it out in a rush then hoping it works. (Experience taught me this, thankfully it worked.)
- Test that you're able to restore the DB backup (make sure restore of backups are working. sometimes restore breaks if db versions mismatch)
- Change default ports, and use ssl.
- Don't run your own server on compute. Use cloud providers like rds or sql from gcloud
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Twitter thread: https://twitter.com/benawad/status/1350586766684782592