I need to hide the real auto-increment id and assign each news item its own numeric/alphabetic id, in order to prevent automatic enumeration of all the news.

The ideal example is the id generator in YouTube.

  • And a checksum won't work? - Node_pro
  • Any RNG / hash of something, etc. Plus, of course, saving the already generated ids to exclude repetitions. - PinkTux
  • As an option, a timestamp. Always unique. - bitrixhater
  • Or just transliterate the names and replace all invalid characters with dashes. - bitrixhater

2 answers

There is a convenient library specifically for this: hashids.

The idea is that you leave the id in the database as it is, and on the site you output the id encoded by this library.

If necessary, you can decode the id back to a number, but no one except you can do it, because it requires your secret key.

Example:

    use Hashids\Hashids;

    // The constructor argument is the secret salt
    $hashids = new Hashids('my secret key');
    $id = $hashids->encode(1, 2, 3);      // o2fXhV
    $numbers = $hashids->decode($id);     // [1, 2, 3]

It should be borne in mind that this is not a cryptographic library, so it is not suitable for encrypting data at the level required for cryptography. But with the task of hiding the id, it copes perfectly.

    You can take any encryption algorithm, even one of those now considered not cryptographically strong. Symmetric encryption fits perfectly: the key is embedded only in the application and does not need to be sent anywhere. Show the links encrypted; you can decrypt them and get the original id before accessing the database. In case of a decryption error, you can immediately show a 404 without touching the storage. The advantages of this method: there is no need to store the mapping between link and id; the impossibility of brute force and the opacity of how the value is formed are provided by the basic requirements of cryptography; collisions between the resulting encrypted strings are also excluded. If you encrypt the binary representation of the id, that is, 4 or 8 bytes (int and bigint, respectively), the resulting encrypted string will be of constant length. And having only a set of encrypted strings from URLs, it is impossible to understand exactly what is encrypted and how. If an encrypted string of 4 bytes is too short, you can always add some extraneous data for bulk.

    Or you can store the mapping to some random identifier directly in the DBMS, for example a UUID or a hash of something. You will have to watch for collisions yourself. But you can change the identifier however you like and make it any length and form.
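The first option in the answer above (encrypt the binary id, decrypt before the query, 404 on failure), as an added example that is not part of the original answer. It assumes PHP with the openssl extension and a 16-byte key held in application config; the function names and the key value are hypothetical. The id is filled up to exactly one AES block, so the cipher acts as a keyed permutation and each id always maps to the same URL token.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: a random 16-byte key lives in application config;
// the key below is a constructed placeholder.
$key = hex2bin('000102030405060708090a0b0c0d0e0f');

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function encode_id(int $id, string $key): string
{
    // 8-byte big-endian id + 8 zero bytes of filler = exactly one AES block,
    // so every token has the same length (22 base64url characters).
    $block = pack('J', $id) . str_repeat("\0", 8);
    $ct = openssl_encrypt($block, 'aes-128-ecb', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return b64url($ct);
}

function decode_id(string $token, string $key): ?int
{
    if (!preg_match('/\A[A-Za-z0-9_-]{22}\z/', $token)) {
        return null;
    }
    $ct = base64_decode(strtr($token, '-_', '+/') . '==', true);
    // Reject non-canonical encodings so one id never has two URLs.
    if ($ct === false || strlen($ct) !== 16 || b64url($ct) !== $token) {
        return null;
    }
    $block = openssl_decrypt($ct, 'aes-128-ecb', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    // The filler doubles as an integrity check: a guessed token decrypts to
    // random bytes and fails here, before any database query.
    if ($block === false || !hash_equals(str_repeat("\0", 8), substr($block, 8))) {
        return null;
    }
    $id = unpack('J', substr($block, 0, 8))[1];
    return $id > 0 ? $id : null;
}

$token = encode_id(12345, $key);
var_dump($token, decode_id($token, $key));
var_dump(decode_id(strrev($token), $key)); // tampered token: caller sends 404
```

A `null` from `decode_id` is the "decryption error" case: the route handler returns 404 without running a query.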