Hi all,
I am looking to use a hash as the id in my models, so that there isn’t an obvious ascending id=x in the URL for sensitive objects (e.g. financial transactions). I have of course created a security model around access to these objects, but that still exposes a “does object exist” vulnerability - if a user can see an object with id=833, then it’s highly likely that there are at least 832 other objects in the database that they might be able to access using some vulnerability in the code. However, if their known good object had id=4c639ba20874, then there’s a hell of a lot of “lower” ids that don’t exist, and any random guessing can be spotted in logs and potentially automatically blocked.
My guess is that I can create a ‘pk’ field in my model which is TYPE_PK, and then an ‘id’ field of type TYPE_STRING, and populate the id field using EVENT_BEFORE_INSERT. Clearly a UNIQUE index would be needed with some code to deal with potential clashes, but I think it would work. Relationships would still be done on the pk field for performance, but any lookups/searches would be done by id.
Does some code already exist out there, or does anyone have any guidance? Is this a really bad idea?
Thanks in advance!