Replace UUIDs with Slugs in URL Paths to Enhance Security and Readability

Open yokwejuste opened this issue 2 years ago • 3 comments

Feature Request:

Problem Statement: Currently, our application exposes project IDs or items through UUIDs in the URL, which could potentially be a vulnerability. Though UUIDs are hard to guess, once leaked, they could be used to access or manipulate resources they should not, especially if proper permission checks are lacking. Additionally, the usage of UUIDs in URLs is not user-friendly and can impact the application's usability and SEO rankings negatively.

Proposed Solution:

I propose that we transition from using UUIDs to slugs in our URL paths. Slugs are more readable and can be designed to provide a more intuitive understanding of the resource being accessed. They also allow for better indexing by search engines, improving our application's SEO rankings.

Implementation:

  • Slug Generation: Create a utility function that generates a unique slug based on a project/item's name and perhaps a unique identifier (if needed).
  • URL Paths Update: Modify our routing logic to use slugs instead of UUIDs as path parameters.
  • Backward Compatibility: Ensure backward compatibility by creating a mapping from the old UUID-based URLs to the new slug-based URLs, at least for a transitional period.
  • Permission Checks: Strengthen permission checks to ensure that even if a slug gets leaked, unauthorized users cannot access or manipulate the associated resources.

By implementing slugs in place of UUIDs, we can enhance both the security and user-friendliness of our application's URL scheme, thus elevating the overall user experience and SEO rankings.

This feature request outlines the problem, the proposed solution, and the steps towards implementation, making it clear why transitioning from UUIDs to slugs is beneficial for the project.

yokwejuste avatar Oct 19 '23 08:10 yokwejuste
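
The four implementation steps listed in the issue (slug generation, slug-based lookup, a UUID fallback for old links, and a permission check that does not depend on the identifier) sketched as an added example; this is not ZubHub's code. `Project`, `ProjectStore`, `slugify`, `resolve` and the `/projects/` path are hypothetical names, and the in-memory store stands in for the database.

```python
import re
import unicodedata
import uuid
from dataclasses import dataclass, field


def slugify(title: str) -> str:
    """Lowercase ASCII slug, e.g. 'Solar Oven!' -> 'solar-oven'."""
    text = unicodedata.normalize("NFKD", title).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-") or "project"


@dataclass
class Project:  # hypothetical model, not ZubHub's
    id: uuid.UUID
    title: str
    owner: str
    published: bool
    slug: str = ""


@dataclass
class ProjectStore:  # in-memory stand-in for the database (assumption)
    by_slug: dict = field(default_factory=dict)
    by_uuid: dict = field(default_factory=dict)

    def add(self, project: Project) -> Project:
        base = slug = slugify(project.title)
        n = 1
        while slug in self.by_slug:  # keep slugs unique: solar-oven, solar-oven-2
            n += 1
            slug = f"{base}-{n}"
        project.slug = slug
        self.by_slug[slug] = self.by_uuid[str(project.id)] = project
        return project

    def resolve(self, path_param: str, user: str):
        """Handle /projects/<path_param>; returns (status, project or location)."""
        project = self.by_slug.get(path_param)
        legacy = project is None  # not a slug: try the old UUID form
        if legacy:
            project = self.by_uuid.get(path_param.lower())
        # Same permission check for slug and UUID; "missing" and "forbidden"
        # both yield 404, and a private slug is never revealed by a redirect.
        if project is None or not (project.published or project.owner == user):
            return 404, None
        if legacy:
            return 301, f"/projects/{project.slug}"
        return 200, project
```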

Nice. If possible, can you also attach the look of slugs?

coderatomy avatar Oct 19 '23 08:10 coderatomy

Thanks for creating this! This is something we can work on in the future, not right now.

srish avatar Oct 20 '23 19:10 srish

Hello @yokwejuste, I agree with UUIDs not being reader-friendly. For the security issue you mentioned, I wonder if you can elaborate on that a bit more and how it is different from using slugs security-wise?

NdibeRaymond avatar Oct 22 '23 18:10 NdibeRaymond