Encrypt URL Params, such as the id

What are you really trying to accomplish here? Why is it bad if your
users know the IDs of your model objects?

-- James

What I am trying to achieve is so that malicious users do not call
controller actions in a loop with all the IDs, thereby killing the
server.

-Vinod

Vinod Krishnan wrote:

What I am trying to achieve is so that malicious users do not call
controller actions in a loop with all the IDs, thereby killing the
server.

-Vinod

>
> >
> > Is there any easy way to encrypt the URL params that is seen in the URL.
> > I dont feel comfortable exposing the id of the models to the external
> > user.
>
> What are you really trying to accomplish here? Why is it bad if your
> users know the IDs of your model objects?
>
> -- James
>
> >
>

And what would happen if they just repeatedly threw randomly generated
parameters at it?

_Kevin

In that case, try and solve the problem you actually have, rather than
find ways to hide it.
There are plenty of ways you can prevent malicious users breaking an
application.
1. Log the originating IP of requests and deny access after a certain
number of requests.
2. Create a token which is hashed and must be included in requests,
expire these after a certain amount of time.
3. Use a captcha form or similar principle to prevent automated requests.

Such techniques are much more efficient since they provide security at
the point of the problem. As others have pointed out malicious users
can always find a way around obfuscation and you'll find yourself
continually fighting fires with your code.

Ross