Hide User ID's

How would this add security to a forum? If someone is in a position to run malicious code based on user id, why wouldn't they be able to look up the user ID based on the user name?


In either case, I'm not sure if this is entirely feasible to be honest, a lot of vB pages depend on the user ID in the URL to function properly.
 
Steris56 said:
and how would they do that if the id was hidden.....
Click to expand...
Because the user ID is stored in the database.
Code: 
SELECT userid FROM user WHERE username = 'Steris56'
will return 1098 regardless if nowhere on the entire forum your User ID could be located by a normal member.
Thus, if someone has unlawful access to the database, they will be able to find your user ID and/or do any form of damage to your account even if they don't know your User ID.
 
You must log in or register to reply here.

Similar threads

M
WYSWYG post thread copy function to post profile
Replies
0
Views
851
meteor95
M
db-fan22
Require User to upload Avatar upon Register
Replies
0
Views
853
db-fan22
db-fan22
A
  • Locked
assign multiple add-ons to a user at the same time
Replies
1
Views
965
Fillip H.
Fillip H.
S
Watch Thread also if first post liked
Replies
0
Views
3K
Sbenny
S
db-fan22
Request Add-on Thread Ratings
Replies
0
Views
910
db-fan22
db-fan22
Back
Top