just some points on 'hiding' ids -

- if you're doing a social media site, with numeric ids your competitors and the annoying industry blogs will be judging and gauging your popularity and success by sequence ids
- by using the ids, you're good on a pylons app... but let's say you need to offload something onto php or another system accesses the same database -- one that is not hardened against sql injection attacks. you have now exposed your ids - which are fkeys and indexes - to the public through pylons and have a vulnerability elsewhere. the security risk might not be in pylons, but you've opened the door for abuse on your db through other apps.

our practice has needed us to ensure security to clients, and i'm sick of reading bloggers judging the success of sites based on sequence numbers and not on the spirit and activity of the active members. so we hide that, and in all companies i consult to, i insist that they hide numeric ids on everything.
