Tags: c#, asp.net-mvc, security, hidden-field

Asp.net MVC 3 Encrypt Hidden Values


I'm looking for suggestions or really good tutorials on how to handle passing ids back and forth in a secure manner from client to server. I'm not passing user ids or anything like that; however, I might pass an id for an Items table row. I would like to hide these ids from users. I wish I could avoid putting them in the page altogether; however, considering they are the PK, I have no choice but to ping-pong the value back and forth from client to server.

Thanks for any help.

edit: I plan to check whether or not the user has permission to do such actions, however I would still like to hide the data.


Solution

  • Easy Suggestion:

    1) Add a guid column to your tables that's generated (default value: newid()). Create an index on the guid column. Pass the guid back and forth rather than your PK.

    2) Does this completely secure your ids? No. But it prevents users from guessing at numeric PKs.

    3) Always sanity check that the Authenticated user has access to the record.
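
The three points above combined in one server-side lookup, as an added example that is not code from the answer: the value posted back from the hidden field is parsed as a GUID, resolved to the row, and checked against the authenticated user in the same query. The names `Item`, `PublicId`, `Owner` and `FindForUser` are assumptions, and an in-memory list stands in for the Items table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model: Id is the internal PK and never leaves the server;
// PublicId is the indexed GUID column whose value goes into the hidden field.
class Item
{
    public int Id;
    public Guid PublicId;
    public string Owner;
    public string Name;
}

static class ItemLookup
{
    // Constructed sample rows standing in for the Items table.
    static readonly List<Item> Items = new List<Item>
    {
        new Item { Id = 1, PublicId = Guid.NewGuid(), Owner = "alice", Name = "Alice's item" },
        new Item { Id = 2, PublicId = Guid.NewGuid(), Owner = "bob",   Name = "Bob's item" },
    };

    // Resolve the value posted back from the hidden field. Malformed input,
    // unknown GUIDs and rows owned by someone else all return null, so the
    // response does not reveal which GUIDs exist.
    public static Item FindForUser(string postedId, string authenticatedUser)
    {
        Guid publicId;
        if (!Guid.TryParse(postedId, out publicId)) return null;
        return Items.SingleOrDefault(i => i.PublicId == publicId
                                       && i.Owner == authenticatedUser);
    }

    static void Main()
    {
        string alicesId = Items[0].PublicId.ToString();
        string bobsId = Items[1].PublicId.ToString();

        Console.WriteLine(FindForUser(alicesId, "alice") != null); // own row
        Console.WriteLine(FindForUser(bobsId, "alice") != null);   // someone else's row
        Console.WriteLine(FindForUser("2", "alice") != null);      // raw numeric PK
    }
}
```

In a controller action, `authenticatedUser` would come from the server-side identity of the request, never from a posted form field.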