It is a common practice to put an entity ID in the URL History Token, and use that to do whatever is necessary in the application.
do you think this it is safe to do that ? or it is better to use a Hash/Salt, MD5 to encrypt actual ID, and display that encrypted ID in the URL ? but wouldn't that result in long cryptic URLs ? and added time/cpu cycle to translate this id back and forth ? I have seen in Gmail for example, the id is encrypted, do you think the same care should be applied for displaying a report or an employee for example? instead of employee/777 or report/888 , use employee/encryptedID ? or am I being too paranoid ? : ) Thank You -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
