
Hi, there's a major problem with the URLs of CVs: all are available to everyone, as they're numbered in order and there are no permission locks.


Thanks for letting me know. Have taken the site down until this is fixed.


Just use UUIDs


> Do not assume that UUIDs are hard to guess; they should not be used as security capabilities

https://news.ycombinator.com/item?id=10631806


Use a crypto-quality PRNG (/dev/urandom is fine) and you should be fine, especially since the time it takes to brute-force URL parameters is very high (network latency). Just about anything is better than sequential numbers here.
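One way to implement both fixes the thread discusses, an unguessable identifier drawn from the OS CSPRNG plus an ownership check so the identifier is not the only lock, as an added example that is not code from the site in question; the CvStore class, its method names and the in-memory records are assumptions:

```python
import secrets
import uuid


class CvStore:
    """Constructed in-memory store (hypothetical, not the site's code)."""

    def __init__(self):
        self._cvs = {}      # cv_id -> (owner, content)
        self._counter = 0

    def create_sequential(self, owner, content):
        # The flaw reported in the thread: ids are 1, 2, 3, ... so anyone
        # who knows one URL can walk to all the others.
        self._counter += 1
        cv_id = str(self._counter)
        self._cvs[cv_id] = (owner, content)
        return cv_id

    def create_random(self, owner, content):
        # Fix: 128-bit identifier from the OS CSPRNG. `secrets` reads
        # os.urandom, i.e. /dev/urandom on Linux. uuid.uuid4() carries the
        # same entropy; uuid.uuid1() does not, since it embeds a timestamp
        # and node id, which is why UUIDs in general are not capabilities.
        cv_id = secrets.token_urlsafe(16)
        self._cvs[cv_id] = (owner, content)
        return cv_id

    def get(self, cv_id, requester):
        # Defence in depth: the random id closes the front door, the
        # ownership check locks it. A missing record and a forbidden one
        # both return None so a probe cannot tell which ids exist.
        record = self._cvs.get(cv_id)
        if record is None or record[0] != requester:
            return None
        return record[1]


def is_time_based(uuid_str):
    """True for version-1 UUIDs, the kind that leak clock and node fields."""
    return uuid.UUID(uuid_str).version == 1
```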


They are harder to guess than sequential numbers.

No security is perfect - it is all deterrence. Using UUIDs instead of numbers at least closes the front door, even if it isn't locked.


GUIDs instead of numbers should suffice as a quick-and-dirty fix :)

