Should I obscure primary key values?
Posted
by Scott
on Stack Overflow
See other posts from Stack Overflow
or by Scott
Published on 2009-12-13T05:57:16Z
Indexed on
2010/05/06
16:08 UTC
Read the original article
Hit count: 357
I'm building a web application where the front end is a highly-specialized search engine. Searching is handled at the main URL, and the user is passed off to a sub-directory when they click on a search result for a more detailed display. This hand-off is being done as a GET request with the primary key being passed in the query string. I seem to recall reading somewhere that exposing primary keys to the user was not a good idea, so I decided to implement reversible encryption.
I'm starting to wonder if I'm just being paranoid. The reversible encryption (base64) is probably easily broken by anybody who cares to try, makes the URLs very ugly, and also longer than they otherwise would be. Should I just drop the encryption and send my primary keys in the clear?
© Stack Overflow or respective owner