What are my options if I want to prevent hackers (who may one day get their hands on the DB) from linking
User records in the DB to identities that are publicly displayed on the website?
My first thought was:
Use Rails 7’s new encryption mechanism to solidly encrypt the
User.id column in the DB (along with all other “PII” data columns). So the
User.id (which is a
UUID string) that are transparently visible on the website could not be linked to their encrypted values in the DB. While this technically works, I suppose this might introduce unexpected technical issues in the future (I’m thinking regarding the index and/or significant performance issues).
So what other (better?) options would you suggest?