I am working on a social dynamic website... Right now, many of my site pages use the member's id (or $id) and a friends id (or $f_id) to process information between different websites....
For example, when comparing common events between a logged in member and his/her friend, I may have a link like so:
<a http://localhost/commonfriends.php?id=$id&f_id=$f_id> Common Stuff </a>
So my question is: is it secure to be sending user id's over the open air like this? Since anyone can just grab it. I mean I know its not as bad as sending a password, but are there any drawbacks, things I should be aware of...
Or even better, is there a way to just hide the part of the URL that shows the id's?
Or should I encrypt the id's somehow?