You can get around this by simply having a 2nd way to reference that single integer ID.
I've built systems in the past where we simply gave out base26Encode(ID+20000) whenever an ID was desplayed on the URL, which gives a nice typeable 4-digit string like "6cw8". Pulling up a record, you'd simply check whether you were looking at an integer and if not, (base26Decode(key)-20000) and you're in business.
It doesn't need to be rocket science crypto stuff. After all, it's just obfuscation to confuse the casual observer.
I've built systems in the past where we simply gave out base26Encode(ID+20000) whenever an ID was desplayed on the URL, which gives a nice typeable 4-digit string like "6cw8". Pulling up a record, you'd simply check whether you were looking at an integer and if not, (base26Decode(key)-20000) and you're in business.
It doesn't need to be rocket science crypto stuff. After all, it's just obfuscation to confuse the casual observer.