Hi GMarci!
You may have already answered your own question, but I had a client with a similar need when exposing their application to EOTI. Along with generating a random 'key' number for them to use to resume progress on their record I also obfuscated the RID by converting it to the r=format that uses numbers and letters through the use of the formula function
QB32Encode.
So where you may have a URL formula such as:
URLRoot() & "db/" & [_dbid_table] & "?a=dr&rid=" & [Record ID#]
with a result of https://<name>.quickbase.com/db/<dbid>?a=dr&rid=1
The new URL fomula would be as follows:
URLRoot() & "db/" & [_dbid_table] & "?a=dr&r=" & QB32Encode( [Record ID#])
with a result of https://<name>.quickbase.com/db/<dbid>?a=dr&r=b
This type of encoding is much harder to break as it is not incremental.
Let me know if this was helpful 👍
–Sharon
------------------------------
Sharon Faust (QuickBaseJunkie.com)
Founder, Quick Base Junkie
https://quickbasejunkie.com------------------------------
Original Message:
Sent: 12-30-2019 09:19
From: G.Macri G.Macri
Subject: Replace record ID with other RNG based field for URL hacking
Hi,
The long and short of it is, i'd like to obfusticate the RID portion of a URL for an edit record with something a little more random.
The purpose is to stop random searching of records via URL hacking where the user could change the &rid= portion of the URL. However, in my app, i have enabled EOTI users to "Save" their progress on a form, which would email them a link to edit the record they were just editing.
So essentially, i was wondering if i could make a different reference in the URL which is harder to guess than RID
------------------------------
GMacri
------------------------------