joined:Apr 23, 2009
In lot's of instances I see urls such as www.test.com/user.php?id=10 etc.
Is there any "danger" associated with showing these ID's assuming you have already verified that user has the right to view them i.e. so if they try to view www.test.com/user.php?id=11 but are not allowed to then it stops them from doing so?
I have saw some apps which use things such as www.example.com/09a30000000D9x or some other random, unique string which makes it much harder for someone to try and find the next record or to try and view a specific record which they are not meant to but is this actually necessary?