[symfony-users] Re: Preventing users from seeing others information

2010-05-25 Thread Tofuwarrior
If in some circumstances you find you need to pass an id but don't want people 'browsing' by changing id, you can create a hash of the file id and some 'secret' string (I often use the current logged in user so it varies). If the hashed id matches the submitted hash then you know that they haven't

Re: [symfony-users] Re: Preventing users from seeing others information

2010-05-25 Thread Tom Haskins-Vaughan
But surely hashing (and slugs) is just security by obscurity. Whether you guess another person's profile id/hash/slug, or get a link from somewhere, you should not be able to view someone else's profile.

On Tue, May 25, 2010 at 10:37 AM, Tofuwarrior p...@clearintent.co.uk wrote: If in some
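
The two checks discussed in this thread, side by side, as an added example that is not part of either post or of symfony itself. It assumes HMAC-SHA256 as the keyed hash; the function names, the secret and the ownership table are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample data: file id => owning user id.
const FILE_OWNERS = [101 => 'alice', 102 => 'bob'];
// Placeholder secret (assumption); a real app loads it from configuration.
const APP_SECRET = 'constructed-demo-secret';

// Hypothetical helper: tag binding a file id to the logged-in user.
function signFileId(int $fileId, string $userId): string
{
    return hash_hmac('sha256', $userId . '|' . $fileId, APP_SECRET);
}

// Tamper check only: was this id/tag pair issued to this user?
// hash_equals() compares in constant time.
function tagIsValid(int $fileId, string $userId, string $tag): bool
{
    return hash_equals(signFileId($fileId, $userId), $tag);
}

// Authorization: the check that actually decides access.
function userOwnsFile(int $fileId, string $userId): bool
{
    return (FILE_OWNERS[$fileId] ?? null) === $userId;
}

// The tag stops casual id editing; ownership is still enforced server-side.
function canView(int $fileId, string $userId, string $tag): bool
{
    return tagIsValid($fileId, $userId, $tag) && userOwnsFile($fileId, $userId);
}

$tag = signFileId(101, 'alice');
var_dump(canView(101, 'alice', $tag)); // own file, tag issued to alice
var_dump(canView(102, 'alice', $tag)); // id edited in the URL, tag no longer matches
var_dump(canView(101, 'bob', $tag));   // link passed on to another logged-in user
// A correctly signed link for a file the user does not own (for example,
// rendered by a listing bug) passes the tag check but fails the ownership check.
var_dump(canView(102, 'alice', signFileId(102, 'alice')));
```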