Should user id or video id that is passed through address bar be encrypted? If so, how?
Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?
If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.
Why do these two websites have what looks like encrypted id's in address bar?