Go to main content

help desk

Guessing UID

What could I use to prevent Hacker to guess the UID?

Asked on 2022-01-11 14:46:00

OFFICIAL ANSWER

If you use a URL like this:

page.sn?uid=46

than it's very easy for an hacker to test for other UID.

A solution to this is to generate a uuid or a random code with uuid() or genpsw()
The generation of the uuid could be done in a trigger on the table when there is an INSERT.

Answer by:
Pierre Laplante

Replied on: 2022-01-14 06:25:00