Given I’ve got a site where most of the resources have numerical IDs (i.e. user.id, question.id, etc.) but that, like the Germans looking back on WWII, I’d rather not reveal these to the observers, what’s the best way to obfuscate them?
I presume the method is going to involve the .to_param and then some symmetric encryption algorithm but I’m not sure what’s the most efficient encryption to do and how it’ll impact lookup times in the DB etc.
Any advice from the road trodden would be much appreciated.
I usually use a salted hash and store it in the DB in an indexed field. It depends on the level of security you expect, but I use one salt for all.
This method makes the creation a bit more expensive, because you are going to have an INSERT and an UPDATE, but your lookups will be quite fast.
Pseudo code:
Now you can look up the record with MyModel.find_by_hashed_id(params[:id]) without any performance repercussions.
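The approach from the answer above, sketched as an added example (it is not the answerer's pseudo code): the id is hashed once at creation, stored, and used both for to_param and for the indexed lookup. Assumptions: HMAC-SHA256 with a server-side secret is used here as a keyed form of the "salted hash", and ID_SALT, hashed_id_for, store_hashed_id! and the in-memory MyModel (a stand-in for an ActiveRecord model with a unique index on hashed_id) are hypothetical names.

```ruby
require "openssl"

# Assumption: one server-side secret plays the role of the answer's single salt.
# Constructed value for the demo; load the real one from configuration.
ID_SALT = "constructed-demo-secret-not-for-production"

# Keyed hash of the numeric id, truncated to 128 bits (32 hex characters).
def hashed_id_for(id)
  OpenSSL::HMAC.hexdigest("SHA256", ID_SALT, id.to_s)[0, 32]
end

# In-memory stand-in for an ActiveRecord model (hypothetical, runs offline).
class MyModel
  attr_reader :id, :hashed_id, :name

  @rows = {}       # primary key => record
  @by_hashed = {}  # plays the part of the unique index on hashed_id
  @next_id = 0

  class << self
    # The INSERT assigns the id; the UPDATE stores the value derived from it.
    def create(name)
      record = new(@next_id += 1, name)   # INSERT
      record.store_hashed_id!             # UPDATE
      @rows[record.id] = record
      @by_hashed[record.hashed_id] = record
    end

    # Indexed lookup; anything that is not a stored hash finds nothing.
    def find_by_hashed_id(param)
      @by_hashed[param.to_s]
    end
  end

  def initialize(id, name)
    @id = id
    @name = name
  end

  def store_hashed_id!
    @hashed_id = hashed_id_for(id)
  end

  # Rails builds URLs from to_param, so the numeric id never appears in them.
  def to_param
    hashed_id
  end
end
```

Because the ids are sequential, anyone who learns the salt can recompute every public value, so it has to be kept out of the client and out of the repository.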