Uses hashids.rb(github.com/peterhellberg/hashids.rb) to store ActiveRecord IDs in URL non-obviously. Heavily based on obfuscate_id(github.com/namick/obfuscate_id).
Add the gem to your Gemfile.
gem 'hashids_rails'
Run bundler.
bundle install
In your model, add a single line.
class Post < ActiveRecord::Base hash_id end
If you want your hash ids to be different than some other website using the same plugin, you can throw a random string (salt) at hash_id to make it hash out unique ids for your app.
class Post < ActiveRecord::Base hash_id salt: 'bring_your_own_salt' end
-
This is not security. hashids_rails was created to lightly mask record id numbers for the casual user. If you need to really secure your database ids (hint, you probably don’t), you need to use real encryption like AES.
-
To properly generate obfuscated urls(using hash_ids), make sure you trigger the model’s to_param method by passing in the whole object rather than just the id; do this: post_path(@post) not this: post_path(@post.id).
-
write tests