The online racing simulator
Using incremental numbers in URL is bad idea
I would send this as a personal message, but Victor does not accept messages.
This is kind of important for a website.
If you don't know what you are talking about, or you are about to say something stupid, please skip this post.
So yeah, what are incremental numbers you may ask?
Their value changes depending on what we are counting, in this case these are users and forum posts.
So, for example, if we count apples (or registered users/forum posts in this case), the number of apples will increase by 1 for each apple (if we are using a base-10 numbering system).
It's okay to use incremental numbers in that case, but using them on a website as an address is not.
Why?
- First, you can clearly see who registered first on the website (https://www.lfs.net/profile/1) and the exact number of users that are registered (as of today, my new account is https://www.lfs.net/profile/1899137). (Privacy problems)
- It's too easy to mine data from user profiles.
- If someone writes a spam bot, it would easily be able to send everyone a message, because you only need to add one (+1) to the previous URL, unlike when the URL is a random string of characters.
- It's not really a large security flaw - you can't access private profiles this way.

I know it's a bit of work, but I think you should switch to randomly generated URLs for each user and for each forum post.
Quote from neonmateo: It's okay to use incremental numbers in that case, but using them on a website as an address is not.
Why?

Quote from neonmateo: - First, you can clearly see who registered first on the website (https://www.lfs.net/profile/1) and the exact number of users that are registered (as of today, my new account is https://www.lfs.net/profile/1899137). (Privacy problems)

Could you elaborate? I'm failing to see how this is a problem.
Quote from neonmateo: It's too easy to mine data from user profiles.

What data are you talking about? The only public data from user profiles are things like "Driven distance" or "Join date". How could this be abused? You don't have to share your personal info if you don't want to.
Quote from neonmateo: If someone writes a spam bot, it would easily be able to send everyone a message, because you only need to add one (+1) to the previous URL, unlike when the URL is a random string of characters.

I would be amazed if, since the beginning of this website, there was no protection for this and no one abused it to this day. Even if that were true - you need to log in to an account to send a message, so I'm pretty sure a spam bot could be protected against simply by restricting the number of messages sent by a user in a specific time range or something like that. No need to redo the whole URL generating system for this (not to mention that's surely not the only thing that would have to be reworked).
The old forum had a minimum time gap of 1 minute between postings/sent messages. I wouldn't be surprised if this one has the same feature.
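As an added example (not code from this thread or from lfs.net), here is how the two remedies discussed above could be implemented side by side: an opaque, randomly generated public handle for profile and post URLs that hides the internal sequential id, and the per-user message rate limit from the replies. The route shape mirrors the thread's profile URL; the handles, user names and limit values are constructed.

```python
import secrets
import time
from collections import deque


class ProfileDirectory:
    """Keeps the sequential id internal and exposes only a random public handle."""

    def __init__(self):
        self._next_id = 1
        self._by_handle = {}  # public handle -> record

    def register(self, name):
        # 16 random bytes -> 22-char URL-safe handle; not derivable from the id,
        # so adding one to a known URL does not yield a neighbouring profile
        record = {"id": self._next_id, "name": name,
                  "handle": secrets.token_urlsafe(16)}
        self._next_id += 1
        self._by_handle[record["handle"]] = record
        return record["handle"]

    def profile_url(self, handle):
        # Same route shape as the thread's example URL, opaque handle instead of a number
        return f"https://www.lfs.net/profile/{handle}"

    def lookup(self, handle):
        # A guessed numeric value such as "1899138" resolves to nothing
        return self._by_handle.get(handle)


class MessageRateLimiter:
    """Allows at most `limit` messages per sender in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._sent = {}  # sender -> deque of send timestamps

    def allow(self, sender, now=None):
        now = time.monotonic() if now is None else now
        sent = self._sent.setdefault(sender, deque())
        while sent and now - sent[0] >= self.window:
            sent.popleft()  # drop timestamps that fell out of the window
        if len(sent) >= self.limit:
            return False
        sent.append(now)
        return True


if __name__ == "__main__":
    users = ProfileDirectory()
    print(users.profile_url(users.register("neonmateo")))
```

`MessageRateLimiter(limit=1, window=60)` reproduces the old forum's one-message-per-minute gap mentioned above.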