In this site we have ids for categories. These are essentially the primary key of categories table. They are sequential and auto-incremental.
This id is passed around the site as hidden field, session value etc. In the backend whenever a form is submitted, or some db update is done etc, the id is validated to make sure that it has not been tampered with.
$id = $this->getPostField(cat_id);
$id = validate($id); //perform checks on the id field
I could encrypt/decrypt the id so that even if anyone looks at the hidden field he couldn't really understand its value. However my question is - is it really necessary or will I be just adding a layer of complexity which only increases the overhead without too much value add?
$id = $this->getPostField(cat_id);
$id = validate(keyDecrypt($id)); //perform checks on the decrypted id field
I guess why I am asking this is because the id is not a very sensitive data like a credit card or social sec number. It does not really matter that the user can see it if he reads hidden fields. As long as I am validating it in the backend I am assuming I should be fine (?)
