[Hiding Parameters Passed In Url Route]

Thank you Larry and Edward!  I appreciate the responses!  I suppose there is no immediate damage done for them knowing the primary keys.  I just didn't want to have someone use a program to systematically attack the site by scrolling through numbers associated with users, posts, etc.  I hope that makes sense.  I was looking at using a GUID, but it may possibly have performance issues as well as making it a pain to code with.  Thanks again!

[Hiding Parameters Passed In Url Route]

I had one quick question.  Do you think it is a secure approach to expose the primary key in the URL? 

(Example: http://www.example.com/user/54). 

 

I think it presents to much information to someone interested in data-mining your site.  They could easily tell how many objects you have or how many users you have, etc.

 

Is there a way to use a GUID or something that would hide it, or is it worth going down that route?​

 

If there is, it may make for a good short entry in the Yii Book.  I read the book twice and don't recall seeing any information about that.  Thanks!!!