But how? What encryption/hashing method could be used to transform the numeric IDs to something less obvious?
Sincerely,
Jerry

On Jul 4, 2:01 pm, Jonathan Vanasco <[EMAIL PROTECTED]> wrote:
> just some points on 'hiding' ids-
>
> - if you're doing a social media site, with numeric ids your
> competitors and the annoying industry blogs will be judging and
> gauging your popularity and success by sequence ids
>
> - by using the ids, you're good on a pylons app... but let's say you
> need to offload something onto php or another system that accesses the same
> database -- one that is not hardened against sql injection attacks.
> you have now exposed your ids - which are fkeys and indexes - to the
> public through pylons and have a vulnerability elsewhere. the
> security risk might not be in pylons, but you've opened the door for
> abuse on your db through other apps.
>
> our practice has needed us to ensure security to clients, and i'm sick
> of reading bloggers judging the success of sites based on sequence
> numbers and not on the spirit and activity of the active members. so
> we hide that, and in all companies i consult to, i insist that they
> hide numeric ids on everything.
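
One way to do what the question above asks, as an added example that is not part of the original thread or of Pylons: a keyed, reversible mapping from sequential database ids to fixed-length public tokens, built as a small Feistel network with HMAC-SHA256 as the round function. The names `SECRET_KEY`, `encode_id` and `decode_id` are hypothetical, and the key shown is a constructed placeholder.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients
HALF_BITS = 32                        # 64-bit block split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1
ROUNDS = 4
HEX_DIGITS = set("0123456789abcdef")


def _round(key, rnd, half):
    """Keyed round function: HMAC-SHA256 over (round number, half), cut to 32 bits."""
    msg = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def encode_id(row_id, key=SECRET_KEY):
    """Map a database id (0 <= id < 2**64) to a 16-character hex token for URLs."""
    if not 0 <= row_id < 1 << 64:
        raise ValueError("id out of range")
    left, right = row_id >> HALF_BITS, row_id & MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return "%016x" % ((left << HALF_BITS) | right)


def decode_id(token, key=SECRET_KEY):
    """Invert encode_id. Raises ValueError if the token is not 16 lowercase hex chars."""
    if len(token) != 16 or not set(token) <= HEX_DIGITS:
        raise ValueError("malformed token")
    value = int(token, 16)
    left, right = value >> HALF_BITS, value & MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF_BITS) | right


if __name__ == "__main__":
    for row_id in (1, 2, 3):  # constructed sample ids
        token = encode_id(row_id)
        print(row_id, "->", token, "->", decode_id(token))
```

This only hides ordering and volume from outside observers. Any well-formed token still decodes to some number, so the lookup must treat a missing row as not found and must still check that the requester is allowed to see the record.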
