It’s a common technique in a lot of DB systems. Also usable in mySQL and similar, but normally not by default. Often referred to as UID or GUID. (Globally) Unique IDentifier. MongoDB can generate this where the first bytes are related to a timestamp. Say that you have a user system. And you know your own postID based on the URL.
If this is sequential, you know that 41 exists. If you haven’t added security to protect against this, it’s quite easy to change the url to be able to edit it. However if you have an ID consisting of a more randomized identifier, guessing a valid one is close to impossible. An example ID from meteor default: dvfrbZ9Da5xgxXpEh
case sensitive alphanumeric with 17 characters in this case. That gives 62 possible symbols and 17 spaces. 62^17 is about 3 * 10^30. Of course you should check access right regardless, but it provides an extra level of security by making it impossible to guess IDs.
Try out Mongo.ObjectID instead perhaps as this is timestamp related and more likely to be sequential. It’s explained how you change in the other link I sent. However, it’s not guaranteed. The 4 byte timestamp can overflow after quite a few years ;). Best option is createdAt in any case. Created server side.
ObjectId is a 12-byte BSON type, constructed using:
a 4-byte value representing the seconds since the Unix epoch,
a 3-byte machine identifier,
a 2-byte process id, and
a 3-byte counter, starting with a random value.