In this site we have ids for categories. These are essentially the primary key of the categories table. They are sequential and auto-incremental.
This id is passed around the site as a hidden field, session value, etc. In the backend, whenever a form is submitted or some DB update is done, the id is validated to make sure that it has not been tampered with.
    $id = $this->getPostField('cat_id'); // read the hidden field from the POST data
    $id = validate($id); // perform checks on the id field
I could encrypt/decrypt the id so that even if anyone looks at the hidden field he couldn't really understand its value. However my question is - is it really necessary or will I be just adding a layer of complexity which only increases the overhead without too much value add?
    $id = $this->getPostField('cat_id'); // read the encrypted hidden field from the POST data
    $id = validate(keyDecrypt($id)); // perform checks on the decrypted id field
I guess why I am asking this is because the id is not very sensitive data like a credit card or social sec number. It does not really matter that the user can see it if he reads hidden fields. As long as I am validating it in the backend I am assuming I should be fine (?)
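
One way the backend check that the question calls validate() could look, as an added example that is not part of the original post. The function name validateCategoryId, the owner_id column (an assumption that each category belongs to a user) and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory categories table (requires pdo_sqlite).
// The owner_id column is an assumption made for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY AUTOINCREMENT, owner_id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO categories (owner_id, name) VALUES (1, 'books'), (2, 'music')");

/**
 * Hypothetical validate(): returns the id as an int, or null if it is rejected.
 */
function validateCategoryId(PDO $pdo, mixed $raw, int $userId): ?int
{
    // 1. Format: a positive decimal string with no sign, spaces or leading zero.
    //    At most 9 digits, so the cast below cannot overflow a 32-bit int.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    $id = (int) $raw;

    // 2. Existence and authorization in one parameterized query. Sequential ids
    //    are guessable, so a well-formed id is not proof that this user may use it.
    $stmt = $pdo->prepare('SELECT 1 FROM categories WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':id' => $id, ':uid' => $userId]);

    return $stmt->fetchColumn() !== false ? $id : null;
}

// Constructed values that a hidden field could carry after being edited client-side.
foreach (['1', '2', '999', '-1', '1 OR 1=1', '01', ''] as $posted) {
    $result = validateCategoryId($pdo, $posted, 1); // user 1 is the logged-in user
    printf("%-12s => %s\n", var_export($posted, true), $result === null ? 'rejected' : "accepted ($result)");
}
```

For user 1 only the value '1' is accepted: '2' is a real category that belongs to another user, and the remaining values fail the format or existence check.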