Authentication Security
Last updated 2 years ago.
0

This is why I never use auto-increment IDs as primary keys.

0

astroanu said:

This is why I never use auto-increment IDs as primary keys.

This is why? I don't see the problem with auto-incrementing IDs. You can avoid the problem described above in simpler ways. Even if you have non-auto-incrementing IDs I will most likely still be able to get your IDs. It depends on your level of sophistication while generating the IDs as to how long it takes to guess them all.

Regardless, this isn't the point of the post. That was an example of how this could show info we don't want displayed. Say it was usernames we used. Now my girlfriend could see that DutGRIFF has an account on some dating site. Ha. What if someone used email addresses? What if I created dutgriff.com/i-love-you/Sadie and Sadie was curious as to if dutgriff.com/i-love-you/Miley was a route. Bam I am busted for two-timing.

These are obviously examples... I don't have a girlfriend.

Last updated 9 years ago.
0

It depends on your level of sophistication while generating the IDs as to how long it takes to guess them all.

You are correct. However, security breaches like these can be minimized with how we, as developers, model databases and how we use sensitive data.

0

Simple, don't allow the routes to exist for unauth'ed users. Deny them the information they seek:

Route::group(['middleware' => 'auth'], function() {
	// Routes go here!
});
0

I know there are many ways to fix this problem. The solution isn't what I am questioning though. I think this should be in the docs at least. The method in my answer is an extremely common one and I think it could get people into trouble.

Most good developers are going to think to protect against mass assignment. But still, right out of the box we ensure the developer can't accidentally allow mass assignment. I know this isn't nearly as important and for most routes it wouldn't matter at all but it could get someone in trouble.

0

dutgriff dutgriff Joined 28 Aug 2014

© 2024 Laravel.io - All rights reserved.