Well, it's probably best to use access control on the server rather than relying on someone not guessing an ID, but if you really need to enable access solely via the URL, then you probably want a long ID (like a UUID).
Anthony On Saturday, April 14, 2012 5:16:53 PM UTC-4, pbreit wrote: > > How do people usually do this? Obviously it's easiest just to use IDs and > prety easy to avoid any problems with guessing IDs. > > But if you do want to obfuscate IDs I suppose you could either add the > column (not ideal since better to work with IDs) or do the encryption each > time you create and retrieve an ID (for example, via virtual fields). > > Here's an article with several implementations: > > http://kevin.vanzonneveld.net/techblog/article/create_short_ids_with_php_like_youtube_or_tinyurl/ > > >
