undefined | Better HN

0 pointsmeowster5y ago0 comments

Maybe it's because it's advocating for security by obscurity? It would probably be more resource-intensive for the server if a bot were to scrape every single page to collect UUIDs instead of methodically going through them.

0 comments

3 comments · 2 top-level

CharlesW5y ago· 1 in thread

Oh, that's interesting — I hadn't considered that creators of web apps might choose to do this to make scraping easier. Generally, I've understood that exposing internal IDs is undesirable.

[1] https://blog.jiayu.co/2018/09/methods-for-obfuscating-sequen... [2] https://stackoverflow.com/questions/396164/exposing-database...

Minor49er5y ago

One way to avoid this is to look for something requesting only profile pages, then cut them off after a certain number of requests.

pjc505y ago

All sorts of incidents have happened this way. Somebody even got arrested for pointing it out on some government website, once.

j / k navigate · click thread line to collapse