@lgessler has joined the channel
sorry if this is OT but i thought this was the best place: let's say i have an http endpoint that is unauthenticated but only gives you data for a given UUID. If my sensitive data is behind this API, should i worry about it being unauthenticated? my kneejerk answer is no because a uuid bruteforce would take too long, but i'm wondering if i'm missing sth
pretty satisfied with the answer i found here, sharing: https://security.stackexchange.com/questions/53458/is-it-safe-to-rely-on-uuids-for-privacy&ved=2ahUKEwiBgMvpxojrAhXwhHIEHWcuCKAQFjALegQIDRAB&usg=AOvVaw2tPcHJexyD7Fo8QWvUrqoB&cshid=1596784832993