Removing ID from CakePHP URL?

Hey guys! Working on a new Cake app and wondering if there is anyway for m开发者_JAVA技巧e to remove the ID-in-URL routing from Cake. Perhaps by passing the ID in POST somehow? Having the ID passed in as a URL param just seems really shoddy and unsafe. Thanks!

"Shoddy"? It's standard practice and a perfectly fine solution to have ids in the URL. Look at the URL of your question:

http://stackoverflow.com/questions/4638262/removing-id-from-cakephp-url
                                   ^^^^^^^
                                      id

Also, there's absolutely nothing unsafe about showing an id in a URL. It's just a number that doesn't mean anything. If a user can do something "bad" only by knowing this id, your app is broken and insecure, not the id-passing mechanism.

Trying to work around this scheme means working around the fundamental principle of the HTML protocol and opens up a whole new can of worms.

Some people prefer using slugs instead of primary key ids. This is the removing-id-from-cakephp-url part of the URL from this page. Take a look at the SluggableBehavior.

However, slugs can change. Hence, having the primary key in your URL is useful if you want to have a permalink. StackOverflow does both so that it can support both permalinking from other sites, as well as for SEO reasons. :)

Regarding security issues, I guess the other answers have already pointed out that there are other ways to make your application secure.

Why do you care? URL-s are optimized for SEO reasons, an ID won't matter if it's ain't too long. If the latter, consider using a shorter one with numbers and letters in them instead, it will be as difficult to guess as a long one with just numbers.

If you are not using GET and you do not supply the params in the URL, your users won't be able to copy-paste the location.