Deviner l'UID

If you use a URL like this:

page.sn?uid=46

than it's very easy for an hacker to test for other UID.

A solution to this is to generate a uuid or a random code with uuid() or genpsw()
The generation of the uuid could be done in a trigger on the table when there is an INSERT.