If I have 10,000 users and the primary key is a unique ID going from 1 to 10,000, is there a way to give them all a unique ID such that the original primary key cannot be inferred from it?
For example, linking to your facebook profile or similar would be http://site.com/profile?id=293852
Is it likely that the id there is the same as the primary key of their user in the database? I am struggling to think of a way to have two unrelated unique ID columns, because randomly generated ones would have to be unique. I imagine if it were possible to have a GUID using numbers only the length would be far too long.
And ideas?
You have generally two options:
new Random(primaryKey).NextInt()
, or it might be quite complicated, but attack-proof, e.g. any kind of Format-preserving encryption.But then… why do you think you should protect the values of your primary keys? If the only reason is to prevent users guessing other valid user IDs, you can just append a random string to the primary key (and store it in the database and verify its correctness on access).