| ▲ | mdaniel 4 days ago | |
I believe one can readily agree that https://example.com/profiles/gooosle and https://example.com/profiles/mdaniel are not sequential and thus not subject to enumeration in any reasonable way. A concrete example of defense against this is: please link to the HN username of an account which has never posted The other very common pattern is https://example.com/profiles/852c1a9a-29ae-4638-9d82-50e0d40... or its b36 encoding which are shitty for reading over the phone but otherwise definitely safe from enumeration | ||
| ▲ | gooosle 2 days ago | parent [-] | |
First of all exposing IDs and having non-enumerable IDs are completely different things. Second, HN usernames are 100% enumerable. 'asdfgf' is an example of account which has never posted. | ||