I’m creating an ASP.NET MVC website and I was wondering which techniques you guys use to protect the primary key in these MVC URLs.
Actually ASP.NET MVC generates this syntax for its URLs:
/Controller/Action/Id
Last week I was trying to encrypt it using SHA-1 Encryption, but this encrypter generates some special symbols like + (plus), / (slash), and other annoying chars which make the decryption difficult.
Perhaps creating a custom encryption should solve the problem. But I wanna hear from you guys, do you have some ideas to protect MVC URLs?
The best (=only proper IMHO) way to protect the Primary Key is to have server side security checking if the current user is allowed to see it. The other usual option is using Guids which are hard to guess, but without server side validation it’s still Security by Obscurity.
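The server-side check described in the answer, as an added example that is not part of the original question or answer. It assumes classic ASP.NET MVC (System.Web.Mvc) with authentication already configured; the Order, OrderStore and OrdersController names and the in-memory data are hypothetical and constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

// Hypothetical entity: OwnerName records which user the row belongs to.
public class Order
{
    public int Id { get; set; }
    public string OwnerName { get; set; }
    public string Description { get; set; }
}

// Constructed in-memory store standing in for the database.
public static class OrderStore
{
    private static readonly List<Order> Orders = new List<Order>
    {
        new Order { Id = 1, OwnerName = "alice", Description = "Alice's order" },
        new Order { Id = 2, OwnerName = "bob",   Description = "Bob's order" }
    };

    // The owner is part of the lookup, so a row that belongs to someone
    // else is indistinguishable from a row that does not exist.
    public static Order FindForUser(int id, string userName)
    {
        return Orders.SingleOrDefault(o => o.Id == id &&
            string.Equals(o.OwnerName, userName, System.StringComparison.OrdinalIgnoreCase));
    }
}

[Authorize] // anonymous requests never reach the action
public class OrdersController : Controller
{
    // GET /Orders/Details/2 : the id stays a plain integer in the URL.
    public ActionResult Details(int id)
    {
        Order order = OrderStore.FindForUser(id, User.Identity.Name);
        if (order == null)
        {
            // Same response for "missing" and "not yours": changing the id
            // in the URL reveals nothing about which keys exist.
            return HttpNotFound();
        }
        return View(order);
    }
}
```

With this check in place, a signed-in "alice" requesting /Orders/Details/2 gets a 404, so the primary key in the URL no longer needs to be hidden or hard to guess.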