Topic: Hide user id

Hi,

I have a user model whose id I don't want to share with the public.
So at the moment a link on a page to the user's account page looks like http://localhost:3000/users/1

Is there any way to disguise the user id so my competitors don't know how many users I have signed up to the site?

Re: Hide user id

I have actually come across the exact same issue in my current project. I also noticed however, that if you look in the generated HTML code of a 'form_for' that is attached to your user model for example, you will see that the id appears within the code of the page also.

So the ID is all over the place anyway, even if you take it out of the URL. And it felt to me that trying to remove it from the URL seemed to be working against the built-in RESTful routing stuff that Rails does now, and I was just making more work for myself.

My workaround/solution that I plan to implement is to seed the ID in the production database so that it does not start counting at 1, rather it will be some much higher arbitrary number. This will make it impossible for anyone to know exactly how many users there are just by looking for the ID in the URL and in pages. I guess someone could still sign up for an account, take note of its ID, then come back and sign up for a new account months later and in that way work out how many *more* users you have than you used to... But I figure if anyone is that obsessed with my app that they are willing to go to that much trouble, then I'm happy. :)

I guess another possibility would be to look into one of the URL slugs plugins and hide the ID in the URL that way, but I'm not sure if the ID would still be present in the page source of forms and stuff.

If any Rails gurus want to comment on this one, I'd also be interested to hear.

Last edited by jonny_noog (2008-10-11 18:05:34)

Re: Hide user id

In the controllers, do this:

def show
  @post = Post.permalinked_find(params[:id])
end

Then, the model:

class Post < ActiveRecord::Base
  before_save :set_permalink

  # A find that finds by permalink, and like the regular find(id), raises an error
  # if no record was found.
  def self.permalinked_find(key)
    find_by_permalink(key) || raise(ActiveRecord::RecordNotFound)
  end

  def to_param
    permalink
  end

  private

  def set_permalink
    self.permalink = title_in_permalink_format
  end

  # Replaces anything that's not a character or a number with a dash.
  def title_in_permalink_format
    title.downcase.gsub(/[^a-z0-9]+/i, '-')
  end
end


The meat here is the to_param definition. It is what Rails uses to determine what the "id" of the object is. When you do post_path(@post), Rails calls to_param on that @post object. It returns the id by default, but you can re-define it to return whatever you want. The 'permalink' attribute, in this case.

Last edited by leethal (2008-10-12 04:33:50)
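
The same to_param approach applied to the original question, where a user record has no title to build a permalink from: a random token stands in for the id in URLs. This is an added example, not part of the posts above; it is plain Ruby so it runs without Rails, and User, UserStore, public_id, public_find and the local RecordNotFound class are assumed names standing in for an ActiveRecord model and ActiveRecord::RecordNotFound.

```ruby
require 'securerandom'

# Stand-in for ActiveRecord::RecordNotFound so the example runs without Rails.
class RecordNotFound < StandardError; end

# Hypothetical user record: sequential internal id, random public token.
class User
  attr_reader :id, :name, :public_id

  def initialize(id, name, public_id)
    @id, @name, @public_id = id, name, public_id
  end

  # Rails calls to_param when building user_path(@user); returning the
  # token keeps the sequential id out of generated URLs.
  def to_param
    public_id
  end
end

# In-memory stand-in for a users table with a unique index on public_id.
class UserStore
  def initialize
    @next_id = 1
    @by_public_id = {}
  end

  def create(name)
    user = User.new(@next_id, name, new_token)
    @next_id += 1
    @by_public_id[user.public_id] = user
  end

  # Like permalinked_find: look up by token only, raise if nothing matches.
  # A guessed sequential id ("1", "2", ...) is never a valid token.
  def public_find(key)
    @by_public_id.fetch(key.to_s) { raise RecordNotFound, "no user #{key}" }
  end

  private

  # 16 random bytes (128 bits) as 22 URL-safe characters; retry on collision.
  def new_token
    token = SecureRandom.urlsafe_base64(16)
    @by_public_id.key?(token) ? new_token : token
  end
end

store = UserStore.new
puts "/users/#{store.create('alice').to_param}" # constructed sample user
```

In a Rails model the token would be set in a before_create callback and stored in a uniquely indexed column, with the controller calling the token lookup in place of find(params[:id]).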