Hashids.net
A small .NET package to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
Another way to solve enumeration attacks is to use a two-way hashing algorithm to convert your auto-incrementing integer IDs to a hash of arbitrary length. This is essentially what YouTube is doing with their video IDs and it's a low-CPU, low-complexity solution that prevents/severely deters enumeration attacks.
Here is one such library for C#: https://github.com/ullmark/hashids.net