Just curious about your thoughts on this subject.

Example:
www.site.com/?id=1
or
www.site.com/?id=8adyfa8df614812yasdf (which is also "1", but encrypted)

What would you recommend? What do you use? Anyone with pros and/or cons on if you should encrypt your URL data?

My thoughts:
Pros (to encrypting URL data):
- Makes it harder for unwanted people to guess ID's, and thus you will have a safer application.
- Noone will have the real access keys to your data, as long as they don't know how you've encrypted the URL data.

Cons:
- Longer URL's.
- Uglier URL's.
- Need for extra security checking (encryption/decription) on each page of your application.

Considering this, I would say that an application that handles private data could benefit from encrypting URL data, as it adds just an extra bit of security, while for an application that is completely public, it would have no use encrypting URL data (obviously), as everyone has access to the application anyway.

The question that remains is: is it worth going through an extra bit of trouble to provide that extra bit of security?

IMO, security through obscurity isn't really a solution, nor worth the effort.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.