Section 11.2 of the Grails Framework Reference Docs talks about how to protect parameters in a Groovy/Grails app. On my current project, on public-facing pages, we’ve been obscuring ids using the Base64 codec that comes with Grails. Here is a quick example:
def encodedString = "test".encodeAsBase64()
println encodedString

// Build your decoded string from the byte array returned from the decode method.
def decodedString = new String(encodedString.decodeBase64())
println decodedString
Obscure ids and keep those URLs hard to guess!
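Base64 is a keyless, reversible encoding, so an encoded id can be decoded and re-encoded by any client. The following added example (not code from the original post or from Grails) shows that on constructed sample ids, next to an id token that carries an HMAC-SHA256 tag the server can verify. `SignedId` and the demo secret are hypothetical names and values; it assumes plain Groovy on a JDK 8 or later runtime.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest

// Hypothetical helper (not a Grails API): binds an id to an HMAC-SHA256 tag.
class SignedId {
    private final SecretKeySpec key

    SignedId(byte[] secret) { key = new SecretKeySpec(secret, 'HmacSHA256') }

    private byte[] tag(String id) {
        Mac mac = Mac.getInstance('HmacSHA256')
        mac.init(key)
        mac.doFinal(id.getBytes('UTF-8'))
    }

    String encode(long id) {
        String b64 = Base64.getUrlEncoder().withoutPadding().encodeToString(tag(id.toString()))
        "${id}.${b64}".toString()
    }

    // Returns the id, or null if the token is malformed or the tag does not verify.
    Long decode(String token) {
        def parts = token?.split(/\./)
        if (parts?.size() != 2 || !(parts[0] ==~ /\d{1,18}/)) return null
        byte[] given
        try {
            given = Base64.getUrlDecoder().decode(parts[1])
        } catch (IllegalArgumentException ignored) {
            return null
        }
        // Constant-time comparison of the supplied tag against the expected one.
        MessageDigest.isEqual(given, tag(parts[0])) ? parts[0].toLong() : null
    }
}

// Constructed sample: sequential database ids as they would appear in URLs.
def encoded = (41L..43L).collect { it.toString().bytes.encodeBase64().toString() }
println encoded
// No key is needed to reverse the encoding, so the original ids come straight back.
println encoded.collect { new String(it.decodeBase64()) }

// Assumption: in a real app the secret is loaded from protected configuration.
def signer = new SignedId('constructed-demo-secret'.bytes)
def token = signer.encode(42)
assert signer.decode(token) == 42L
// Changing the id without knowing the key invalidates the tag.
assert signer.decode(token.replaceFirst('42', '43')) == null
```

A verified token only proves the id was issued by the server; the controller still needs to check that the current user may access the record it names.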