Make your ActiveRecord ids non-obvious
This gem is just a fork from obfuscate_id but I made the obfuscation optional because it affects to some conditions and causes errors.
Add the gem to your Gemfile.
gem "obfuscatable"
Run bundler.
bundle install
In your model, add a single line.
class Post < ActiveRecord::Base
obfuscatable
end
Then use it with to_param
or direct object passing in the view.
link_to 'Post', post_path(@post.to_param)
link_to 'Post', post_path(@post)
And in your controller.
class PostController < ApplicationController
def show
Post.find(params[:id], obfuscated: true)
end
end
If you want your obfuscated ids to be different than some other website using the same plugin, you can throw a random number (spin) at obfuscatable to make it hash out unique ids for your app.
class Post < ActiveRecord::Base
obfuscatable :spin => 89238723
end