
I'm developing a web application in which I need to identify a certain page using an identifier.

Usually I would use an auto-increment integer, which relates to the ID of the item in the DB.

Like this for example: http://example.com/item/1

But I see more and more use of identifiers like this (TinyUrl and YouTube): http://example.com/item/1BHYQJh1

And I wonder, should I go for this solution?

What is the benefit? Is it just to shorten the ID in case you get up to a really long integer?

Or is it to "hack proof" the solution so that people can't "guess" the URL by replacing 1 with 2?

I really appreciate the last one, I would like to add this extra security to my application. But does anyone know of any code snippets that do this exact thing?

Examples in C# would be great.

Martin at Mennt

2 Answers


This is not really a programming issue, but...

I prefer 'nice' URLs and I am not alone, and to me plain numbers are nicer than 1BHY..., but YMMV.

The 'guessing' you mention is not relevant here. If the user is allowed to access /2 then it doesn't matter. If he is not allowed, then basing the security on obscure URLs is a poor choice. What if someone types the wrong value and stumbles upon a page not meant for him?

If you need security, you need to check whether the current user is allowed to access the page at specified URL and act accordingly.

I don't understand what 'examples in C#' means. These are URLs, they are not expressed in C#.

Zdeslav Vojkovic
  • Thank you for your answer. The application I'm going to create does not have any membership provider. That is why I think it would be nice to "hash" the IDs. The user is going to create an AD, and the link to the AD should be known to the user and whoever he shares it with. Like BidKat does it https://bidkat.com/i/1BHYQJh1 – Martin at Mennt Sep 19 '12 at 09:40
  • And by examples, I mean like this http://stackoverflow.com/questions/1116860/whats-the-best-way-to-create-a-short-hash-similiar-to-what-tiny-url-does – Martin at Mennt Sep 19 '12 at 09:42
  • In SO, these IDs are sequential. If you really want to hide them somewhat (but I still think it doesn't add much value), at least try to use a larger domain, e.g. use GUIDs, or such. – Zdeslav Vojkovic Sep 19 '12 at 09:48
  • Okay thanks, I guess I just wanted to check. I see these identifiers so many places, and start to think "Should I also be using them?". But I guess I can go for the plain old sequential integer identifier. – Martin at Mennt Sep 19 '12 at 11:15

You could use Guid.NewGuid() to create a 'unique' identifier

Is a GUID unique 100% of the time?

Christian Phillips
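
For the share-by-link case described in the comments above, one way to issue unguessable item URLs in C# (an added example, not code from the question or either answer). `AdLinkStore` and its members are hypothetical names, the in-memory dictionary stands in for the database, and the token is drawn from `RandomNumberGenerator` rather than `Guid.NewGuid()`, since GUIDs are designed for uniqueness, not unpredictability.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical store for the "ad" items from the question: each row keeps its
// sequential integer key internally; only the random token appears in the URL.
public sealed class AdLinkStore
{
    private readonly Dictionary<string, int> _idByToken =
        new Dictionary<string, int>(StringComparer.Ordinal);
    private int _nextId = 1;

    // 16 bytes (128 bits) from the OS CSPRNG, encoded as 22 URL-safe characters.
    public static string NewToken()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Creates an ad and returns the token to put in the share link.
    public string CreateAd()
    {
        string token = NewToken();
        _idByToken.Add(token, _nextId++);
        return token;
    }

    // Resolves a token taken from the URL; malformed and unknown tokens fail alike.
    public bool TryResolve(string token, out int adId)
    {
        adId = 0;
        return token != null && token.Length == 22
            && _idByToken.TryGetValue(token, out adId);
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new AdLinkStore();
        string token = store.CreateAd();
        int id;
        Console.WriteLine("http://example.com/item/" + token);
        Console.WriteLine(store.TryResolve(token, out id) ? "found ad " + id : "404");
        Console.WriteLine(store.TryResolve("2", out id) ? "found ad " + id : "404"); // sequential guess
    }
}
```

The token acts as a bearer link: anyone who holds it can open the item, which matches the "the user and whoever he shares it with" requirement but is not a substitute for the per-user access check the first answer describes.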