mysql - Is it bad practice, security-wise, if user could know the primary key id of items -


i populating page list of items db (lets main.htm - each item has link, , opening link display content of item.

i using ajax open items. performance reasons, have added data attribute of id each item in main.htm. if main.htm has 15 items listed, each item have data-id, e.g. item 1 has data-id =1, item 2 has data-id=2

and data-id correspond id column (primary key) in database.

is bad practice, security-wise? if yes, why?

or better practice encrypt numbers , instead of id, assign encrypted id, such xy4lf3k decrypt 1000 in db

this should not insecure way go, long keep in mind to:

  1. always escape & validate user inputs (remember, $_get param user input, not $_post);
  2. if resource identified id specific user, check if user accessing it.

otherwise, no problems there.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -