ShadowID: Expose the Auto Increment ID to Public Without Compromising Security
I was tasked to update our existing implementation that uses Auto Increment ID from MySQL as the ID for the public API. The objective of this task is to prevent enumeration attacks1 and ensure that the development effort is kept to a minimum. The first thing that came to mind was to use a unique random ID like UUIDv42. However, since we are using MySQL as the database, indexing UUIDs has a significant performance impact3 due to their randomness and the locality problem of the B-Tree Index4....