This is why i never use auto increment ids as primary keys.

astroanu said:

This is why i never use auto increment ids as primary keys.

This is why? I don't see the problem with auto-incrementing IDs. You can avoid the problem described above in simpler ways. Even if you have non-auto-incrementing IDs I will most likely still be able to get your IDs. It depends on your level of sophistication while generating the IDs as to how long it takes to guess them all.

Regardless, this isn't the point of the post. That was an example of how this could show info we don't want displayed. Say it was usernames we used. Now my girlfriend could see that DutGRIFF has an account on some dating site. Ha. What if someone used email addresses? What if I created dutgriff.com/i-love-you/Sadie and Sadie was curious as to if dutgriff.com/i-love-you/Miley was a route. Bam I am busted for two-timing.

These are obviously examples... I don't have a girlfriend.

It depends on your level of sophistication while generating the IDs as to how long it takes to guess them all.

you are correct. however security breaches like these can be minimized with how us, developers model databases and how we use sensitive data.

Simple, don't allow the routes to exist for unauth'ed users. Deny them the information they seek:

Route::group(['middleware' => 'auth'], function() {
	// Routes go here!
});

I know there are many ways to fix this problem. The solution isn't what I am questioning though. I think this should be in the docs at least. The method in my answer is an extremely common one and I think it could get people into trouble.

Most good developers are going to think to protect against mass assignment. But still, right out of the box we ensure the developer can't accidentally allow mass assignment. I know this isn't nearly as important and for most routes it wouldn't matter at all but it could get someone in trouble.