So, I am working on a product and using IDs in the URL and not using slugs.
The only point I know devs use slugs instead of IDs is the fact that firstly it's an SEO enhancement, secondly it's minimal security as no one likes seeing IDs in URLs (pretty URLs).
I want to know whether using an ID is dangerous and whether a user can get all the data via curl or something.
It's a conversation, not asking for the solution, of course I'm implementing slugs now.
Not dangerous in itself, as you would have authorisation controlling if a page is viewable or not by the user requesting it.
If you're using auto-incremented IDs then the user might predict the total number of users in the table, or might try typing random numbers. If you're using UUIDs, exposing a user ID won't be a security issue.
Only dangerous if you aren't concerned about others finding out the size of your database. Use UUIDs and mask the IDs.
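
An added example, not part of the thread or any poster's code: a framework-free PHP handler applying the authorisation check the replies mention, run against a user who requests every sequential ID in turn. The `showInvoice` function, the `/invoices/{id}` route and the invoice data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: invoices keyed by auto-increment ID, each with an owner.
const INVOICES = [
    1 => ['owner_id' => 10, 'total' => '120.00'],
    2 => ['owner_id' => 11, 'total' => '75.50'],
    3 => ['owner_id' => 10, 'total' => '310.00'],
];

/**
 * Hypothetical handler for GET /invoices/{id}.
 * Returns [HTTP status, body]. $authUserId is null for an anonymous request.
 */
function showInvoice(?int $authUserId, string $rawId): array
{
    if ($authUserId === null) {
        return [401, 'Sign in required'];
    }
    // Accept only a plain non-negative integer; anything else is treated as not found.
    if (!ctype_digit($rawId)) {
        return [404, 'Not found'];
    }
    $invoice = INVOICES[(int) $rawId] ?? null;

    // Same 404 for "does not exist" and "not yours", so the responses do not
    // tell a user walking the ID range which IDs exist.
    if ($invoice === null || $invoice['owner_id'] !== $authUserId) {
        return [404, 'Not found'];
    }
    return [200, 'Invoice total: ' . $invoice['total']];
}

// User 11 requests every ID from 1 to 4, as a curl loop would.
foreach (['1', '2', '3', '4'] as $id) {
    [$status, $body] = showInvoice(11, $id);
    echo "GET /invoices/{$id} as user 11 -> {$status} {$body}\n";
}

// The same request without a session.
[$status, $body] = showInvoice(null, '2');
echo "GET /invoices/2 anonymous -> {$status} {$body}\n";
```

The ownership check stops other users' records from being read whatever the ID format is. It does not hide the row count: a user who creates a record still sees the auto-increment value they were issued, which is the concern the replies address with UUIDs.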