
Maybe it's because it's advocating for security by obscurity? It would probably be more resource-intensive for the server if a bot were to scrape every single page to collect UUIDs instead of methodically going through them.



Oh, that's interesting — I hadn't considered that creators of web apps might choose to do this to make scraping easier. Generally, I've understood that exposing internal IDs is undesirable.

[1] https://blog.jiayu.co/2018/09/methods-for-obfuscating-sequen...

[2] https://stackoverflow.com/questions/396164/exposing-database...


One way to avoid this is to look for something requesting only profile pages, then cut them off after a certain number of requests.
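
The cutoff described in the comment above, sketched as an added example that is not part of the thread or any commenter's code. The `/profile/` URL layout, the thresholds, keying on client IP, and the sample traffic are all assumptions constructed for illustration.

```python
import uuid
from collections import defaultdict

PROFILE_PREFIX = "/profile/"   # assumed URL layout, not from the thread
MAX_PROFILE_REQUESTS = 5       # assumed cutoff; tune against real traffic
MIN_PROFILE_SHARE = 0.9        # "only profile pages", with a little slack

class ProfileScrapeLimiter:
    def __init__(self):
        self.total = defaultdict(int)
        self.profile = defaultdict(int)
        self.blocked = set()

    def allow(self, client, path):
        """Record one request; return False once the client is cut off."""
        if client in self.blocked:
            return False
        self.total[client] += 1
        if path.startswith(PROFILE_PREFIX):
            self.profile[client] += 1
        share = self.profile[client] / self.total[client]
        if self.profile[client] > MAX_PROFILE_REQUESTS and share >= MIN_PROFILE_SHARE:
            self.blocked.add(client)
            return False
        return True

def build_sample_log():
    """Constructed traffic: two crawlers and one ordinary visitor."""
    log = [("10.0.0.5", f"/profile/{n}") for n in range(1, 9)]  # sequential IDs
    # UUID-style IDs: unguessable, but the request pattern is the same.
    log += [("10.0.0.7", f"/profile/{uuid.UUID(int=n * 7919)}") for n in range(1, 8)]
    for n in range(3, 9):  # visitor mixes profile views with other pages
        log += [("10.0.0.9", "/search"), ("10.0.0.9", f"/profile/{n}")]
    return log

def replay(log):
    """Return ({client: requests served}, set of blocked clients)."""
    limiter = ProfileScrapeLimiter()
    served = defaultdict(int)
    for client, path in log:
        if limiter.allow(client, path):
            served[client] += 1
    return dict(served), limiter.blocked

if __name__ == "__main__":
    print(replay(build_sample_log()))
```

The share test is what keeps the visitor, who views six profiles among other pages, from being cut off. Both crawlers are stopped after five profile pages whether the IDs are sequential or UUID-style.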


All sorts of incidents have happened this way. Somebody even got arrested for pointing it out on some government website, once.



