I'm building a document management system and I'm a bit worried about security. Right now, my URLs look like myapp.com/view/document/500. It’s incredibly easy for someone to just change that 500 to 501 and try to scrape someone else's files. Even with auth checks, I feel like using sequential IDs is just asking for trouble. I’ve heard that GUIDs are much better for things like session tokens and resource identifiers because they aren't predictable. Does anyone here use them for public-facing resource IDs? Does it impact SEO or performance significantly, or is it just the standard way to hide the internal count of your records?
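The pattern the question describes, as an added example that is not part of the original post: a random version-4 GUID is the only identifier that appears in the URL, the sequential key stays internal, and the ownership check still runs on every lookup. The `DocumentStore` class, the user names, and the choice to return 404 for both "missing" and "not yours" are assumptions made for illustration.

```python
import uuid


class DocumentStore:
    """In-memory stand-in for a documents table (constructed for this example)."""

    def __init__(self):
        self._next_pk = 500          # internal sequential key, never placed in a URL
        self._by_public_id = {}      # public GUID -> record

    def add(self, owner, body):
        # uuid4() draws its 122 random bits from os.urandom
        public_id = str(uuid.uuid4())
        self._by_public_id[public_id] = {"pk": self._next_pk, "owner": owner, "body": body}
        self._next_pk += 1
        return public_id

    def view(self, requester, public_id):
        """Return (status, body) for a request to /view/document/<public_id>."""
        try:
            # Normalise the input; rejects "501" and anything else that is not a GUID
            key = str(uuid.UUID(public_id))
        except (ValueError, AttributeError, TypeError):
            return 404, None
        record = self._by_public_id.get(key)
        # Identical 404 for "no such document" and "not yours", so a response
        # never confirms which identifiers exist
        if record is None or record["owner"] != requester:
            return 404, None
        return 200, record["body"]


def demo():
    store = DocumentStore()
    alice_doc = store.add("alice", "alice's contract")
    bob_doc = store.add("bob", "bob's invoice")
    return {
        "owner_reads_own": store.view("alice", alice_doc),
        "guessing_next_integer": store.view("alice", "501"),
        # A GUID can still leak through logs, referrers or shared links,
        # so the owner check is what actually protects the document
        "leaked_guid_other_user": store.view("alice", bob_doc),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```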