Hi, I am currently designing a website. One of its pages displays the member's profile. The link for the page would be something close to this:
http://www.mysite.com/profile.php?id=6
I do not want the user to change the id of 6 to 7 in the URL and be able to view the next profile.
Another page of my site displays a message that other members send to the logged-in user. The link for the page would be something close to http://www.mysite/com/private_message.php?id=10. The user can change the id from 10 to another number to view messages not intended for the user.
My question is: should I change the ids from digits to a 32-character-long encrypted string, or should I use a one-time generated URL to increase the security?
I would appreciate it if someone with more experience could give me some hints. Thanks.
Joaquin
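
For the private-message page described in the post, an added example (not part of the original post): a server-side ownership check in which the lookup is scoped to the logged-in recipient, so it holds whatever the id in the URL looks like. The table, column and function names and the session key are assumptions, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE private_messages (
    id INTEGER PRIMARY KEY, sender_id INTEGER, recipient_id INTEGER, body TEXT)');
$pdo->exec("INSERT INTO private_messages VALUES
    (10, 2, 1, 'Hello user 1'),
    (11, 3, 4, 'Hello user 4')");

/**
 * Hypothetical helper: return the message only if it is addressed to the
 * logged-in user. The recipient check is part of the query itself, so
 * changing ?id= in the URL cannot return a row that belongs to someone else.
 */
function fetchMessageForUser(PDO $pdo, int $messageId, int $userId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, sender_id, body FROM private_messages
          WHERE id = :id AND recipient_id = :uid'
    );
    $stmt->execute([':id' => $messageId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In private_message.php the user id would come from the server-side session
// (assumed here to be $_SESSION['user_id'], set at login), never from the URL.
$loggedInUserId = 1; // stand-in for the session value

foreach (['10', '11', '999', 'abc'] as $rawId) { // values as they arrive in ?id=
    // Reject anything that is not an integer before it reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    $msg = $id === false ? null : fetchMessageForUser($pdo, $id, $loggedInUserId);

    // Same response for "not yours" and "does not exist", so the reply
    // does not reveal which message ids are in use.
    echo $rawId, ' => ', $msg === null ? '404 Not Found' : $msg['body'], PHP_EOL;
}
```

Logging requests that end in the "not found" branch for a logged-in user makes id enumeration attempts visible.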