Menu
Hi, our site needs to make a url resource harder to guess. Currently, we have userID’s like “10076”, which are sent in a query strings to access resources. I have this suggestion from a colleague:
“Upon login, instead of a userID, create a longer key (maybe 64-bytes of hex chars), that isn’t guessable within our lifetimes. (that’s twice the length of GUID, which is called Global Unique Identifier for a reason). The key needs to be a two-way key, so it needs to be created from a userID, and it needs to be convertible back to userID”
What is the method or function to create this two-way key, and convert it back?
Thanks.