I’m developing a product quotation system, and in order to encourage Suppliers to submit a quote it is being designed so that no login is required.
The quote table is as follows:
id
product_id
supplier_id
price
verify
If a supplier is invited to quote, a record is created for them in the Quote table. The record when created has a random 10 digit/character string and in order to access the record the URL query string must contain the record ID and the random string. For example:
Record ID value is visible on update/view actions… it’s not a security problem per se…
It all depends on the algorithm to calculate the random string… maybe to incorporate some checking… for example the last digit/char is calculated from the previous 9 with your proprietary formula… so that it is more difficult to guess the random string…
Haven’t tried it… and I’m not sure how that would affect overall speed… because myFindMethod() would return all the random strings so it could be a very big list…
I would put that check in a private function checkQuoteRandomString(id,qstring) that checks if the random strings correspond to the ID and returns true or false… and from actionCreate() and actionUpdate() call that function.
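
A sketch of the check described in the thread, added here as an example and not code from any of the posters. It looks up the single record by ID and compares its `verify` value in constant time. The `quote` table name, the in-memory SQLite database, the extra `$db` parameter and the `generateVerifyString()` helper are assumptions.

```php
<?php
// Constructed sample data: an in-memory SQLite table with the columns from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quote (
    id INTEGER PRIMARY KEY,
    product_id INTEGER,
    supplier_id INTEGER,
    price NUMERIC,
    verify TEXT NOT NULL
)');

// Hypothetical helper: 10-character string from the OS CSPRNG (5 random bytes as hex).
function generateVerifyString(): string
{
    return bin2hex(random_bytes(5));
}

// Returns true only when $qstring is the verify value stored for record $id.
function checkQuoteRandomString(PDO $db, $id, $qstring): bool
{
    // Reject array-valued query parameters (?id[]=1) and non-numeric IDs.
    if (!is_string($qstring) || !(is_int($id) || is_string($id)) || !ctype_digit((string) $id)) {
        return false;
    }
    // Fetch the one row by primary key instead of loading every random string.
    $stmt = $db->prepare('SELECT verify FROM quote WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such record
    }
    // Constant-time comparison so response timing does not reveal matching prefixes.
    return hash_equals((string) $stored, $qstring);
}

// Inviting a supplier: create the record together with its random string.
$verify = generateVerifyString();
$insert = $db->prepare('INSERT INTO quote (product_id, supplier_id, verify) VALUES (?, ?, ?)');
$insert->execute([7, 3, $verify]);
$id = $db->lastInsertId();

var_dump(checkQuoteRandomString($db, $id, $verify));      // matching ID and string
var_dump(checkQuoteRandomString($db, $id, 'aaaaaaaaaa')); // wrong string for this ID
var_dump(checkQuoteRandomString($db, '999', $verify));    // unknown ID
```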