Home/ Questions/Q 7159765
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T13:17:08+00:00

I need help on coming up with a strategy to handle object ids in

  • 0

I need help on coming up with a strategy to handle object ids in a PHP/MySQL application I’m working on. Basically, instead of having a URL look like this:

/post/get/1

I’m looking for something like:

/post/get/92Dga93jh

I know that security-through-obscurity is useless (I have an ACL system in place to handle security) but I still need to obscure the ids. This is where I’m stuck.

I thought about generating a separate public id for each DB row but have been unable to find a way to create truly unique ids.

I suppose I could encrypt and decrypt a MySQL auto increment row id as it leaves and enters my app, but I’m not sure how ‘expensive’ PHP’s encryption and decryption methods are. Additionally, I need to make sure that the obscured id remains unique so that it doesn’t decrypt into the wrong value.

Also, since my domain objects are related to each other, I want to avoid any unnecessary strain on MySQL if I decide to go with generating and storing an obscure id in the tables.

I’m beating my head against the wall because I feel like this is a common scenario, yet can’t figure out what to do. Any help is greatly appreciated!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d just use a salted md5. It’s secure for 99% of the cases. The other 1% will be when you are wacking your head on the wall cause you got your data stolen by a pro-hacker and it becomes critical to minimize the impact of it.

    So:

    $sql = 'SELECT * FROM my_table WHERE MD5(CONCAT(ID, "mysupersalt")) = "'.$my_checked_url_value.'"';

    And generating the same thing from PHP can be done using similar strategy:

    <a href="/link/to/mypage/<?php echo md5($id.'mysupersalt'); ?>"> link text </a>

    Hope this is what you’re looking for..

    • 0