Hi
I was wondering about disguising/encoding URLs containing data from the database. For example, on my site, I have a URL which is mydomain.com/messages?thread=6
6 is the number for that thread. On my site, a thread is a series of private messages between 2 people. But someone could then change the thread number to try to see private threads between other users…I do always check that the logged in user has privileges to view the thread. But I feel a bit insecure about passing database IDs around all over the site. Do people generally encode URLs containing database info?
Thanks
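
The per-request privilege check mentioned in the post above, sketched as an added example (not code from the original poster or their site). The table layout, function names and sample rows are assumptions, and Python with an in-memory SQLite database stands in for whatever stack the site actually uses.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumed schema): thread 6 is between
    # users 1 and 2, thread 7 is between users 3 and 4.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE threads (id INTEGER PRIMARY KEY, user_a INTEGER, user_b INTEGER);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, thread_id INTEGER,
                               sender INTEGER, body TEXT);
        INSERT INTO threads VALUES (6, 1, 2), (7, 3, 4);
        INSERT INTO messages (thread_id, sender, body) VALUES
            (6, 1, 'hi from user 1'), (6, 2, 'reply from user 2'),
            (7, 3, 'private to user 4');
    """)
    return conn

def get_thread_messages(conn, session_user_id, thread_param):
    """Return the message bodies for ?thread=<thread_param>, or None.

    session_user_id must come from the server-side session, never from
    the request. None covers "malformed", "does not exist" and "not a
    participant" alike, so the response does not reveal which thread
    numbers are in use.
    """
    try:
        thread_id = int(thread_param)
    except (TypeError, ValueError):
        return None
    # The participant test is part of the lookup itself, so a thread the
    # user is not in behaves exactly like a thread that does not exist.
    row = conn.execute(
        "SELECT id FROM threads WHERE id = ? AND ? IN (user_a, user_b)",
        (thread_id, session_user_id),
    ).fetchone()
    if row is None:
        return None
    rows = conn.execute(
        "SELECT body FROM messages WHERE thread_id = ? ORDER BY id",
        (thread_id,),
    ).fetchall()
    return [body for (body,) in rows]
```

With this check on every request, changing `thread=6` to another number only ever returns the caller's own threads; the caller would map `None` to a single "not found" response.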