Stopping people from brute forcing URL / UUIDs

Stopping people from brute forcing URL / UUIDs

El Forum
Guest

#14

03-23-2009, 10:33 AM

[eluser]dcunited08[/eluser]
Another option I just thought of would be to change the link by multiplying a large number and the id and then dividing to find the ID on the next request.

Code:
// for link

site_url("details/". $id * 123456);

function get_data_by_id($id){

//check to make sure the id has been obfuscated 

$id = (($id % 123456) === 0) ? ( $id / 123456 ) : $id;

//rest of code here

Almost all options could be figured out and automatically replicated but the time it takes to figure it out, without a tool, is much greater.

Messages In This Thread

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 05:32 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 06:15 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 06:23 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 06:29 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 06:51 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 06:56 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 07:28 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 09:44 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-22-2009, 11:06 PM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-23-2009, 05:20 AM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-23-2009, 09:11 AM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-23-2009, 09:21 AM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-23-2009, 10:25 AM

Stopping people from brute forcing URL / UUIDs - by El Forum - 03-23-2009, 10:33 AM