by radagast
3725 days ago
> But it could expose user/site data as any user could access that pk, or just guess at the next sequentially generated pk. Using a UUID instead of a sequentially rolling integer ID isn't solving your problem, you're just doing security through obscurity. The real solution is implementing real authentication & authorization - not making the key harder to guess.
A common sentiment, but not true if your id is cryptographically random. It amounts to capability security which is the right approach to security if used comprehensively.
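An added example in Python (not part of radagast's comment or the thread) illustrating the capability-style identifier the reply has in mind: a record reachable only through a token drawn from the OS CSPRNG, a check that a "UUID" is actually the random version-4 kind rather than the time-based version-1 kind, and the guess probability that a 128-bit random id space implies. The function names and the in-memory store are assumptions made for illustration.

```python
import secrets
import uuid
from typing import Dict, Optional

# Constructed in-memory store for illustration; a real service would use a database.
_records: Dict[str, dict] = {}


def issue_capability(record: dict) -> str:
    """Store a record and return the only handle that reaches it: a 256-bit
    token from the OS CSPRNG. Possession of the token is the authorization,
    which is what makes this a capability rather than an obscured counter."""
    token = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe characters
    _records[token] = record
    return token


def fetch(token: str) -> Optional[dict]:
    """Look a record up by its capability token; unknown tokens get nothing back."""
    return _records.get(token)


def is_random_uuid(value: str) -> bool:
    """True only for RFC 4122 version-4 UUIDs, whose 122 non-fixed bits are random.
    Version-1 UUIDs encode a timestamp and node id and are predictable, so a
    UUID primary key only counts as a capability when it is version 4."""
    try:
        u = uuid.UUID(value)
    except ValueError:
        return False
    return u.variant == uuid.RFC_4122 and u.version == 4


def new_random_uuid() -> str:
    """Version-4 UUID; CPython draws its bits from os.urandom."""
    return str(uuid.uuid4())


def new_time_uuid() -> str:
    """Version-1 UUID: time-based, so consecutive ids are related and guessable."""
    return str(uuid.uuid1())


def guess_probability(random_bits: int, attempts: int) -> float:
    """Probability that `attempts` uniform guesses hit one live token among 2**random_bits.
    A sequential integer key has effectively zero random bits: the next id is known."""
    return attempts / 2 ** random_bits


if __name__ == "__main__":
    tok = issue_capability({"owner": "alice", "doc": "budget.xlsx"})
    print("capability token:", tok)
    print("fetch with token:", fetch(tok))
    print("fetch with guess:", fetch("guess"))
    print("uuid4 random?", is_random_uuid(new_random_uuid()))
    print("uuid1 random?", is_random_uuid(new_time_uuid()))
    print("p(hit) after 1e9 guesses at 128 bits:", guess_probability(128, 10**9))
```

The design point is that the token is the whole access check, so it only works if it is generated from a CSPRNG, carried over TLS, and kept out of logs and referrers; a sequential id or a version-1 UUID fails the first requirement before the others matter.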