I am working on a new application, and in order to overshadow the perception of his infancy, I would like to hide all cases that could reveal this, for example,
$postId=000001 . Instead, we get $postId=sH4d6s8d . Something short but unique.
I read a few other questions, unfortunately, most of the answers went into security issues. Application security is not a problem here, I'm just looking for a way to pass an obscure representation of the string identifier using GET and resolve this URL, which means that multiple user machines can interpret obfuscation.
I looked at the surrogate keys for MySQL, XOR, but I am very green, and my understanding quickly disappeared. What is the right solution here? Any examples? Thanks.
Update
Decided on a simple solution XOR + urlencode. i.e:
$v = urlencode($var ^ $key) $v = (urldecode($v) ^ $key)
From testing so far, this seems great for my purposes. However, it looks like a Firefox auto-decodes urlencode to display, defeating the whole purpose of the idea:
$v = r%5CQXr%5CQXr%5CP <a href="whatevs.php?id=$v">link</a> // Firefox renders the below anywhere link is visible (besides source) whatevs.php?id=r\QXr\QXr\P
This is annoying. While the identifier is still unclear, and the source is “traditionally” urlencoded, these characters do not look natural in the URL. But the real problem is the one who copies / pastes the link will not get the correct resource.
Is there an easy solution for this?