asp.net - Are visible GUIDs a security risk? -


I am using asp.net and subscription providers for my site. If the user is able to easily see his GUID, will it be considered a security risk? Do I take extra steps to prevent users from easily finding their GUIDs, such as they confirm their verification process. Although there are ways around it, like using different GUIDs for 'front-end' activities, is it an overhead and an unnecessary increase in time of development?

An example of possible spoofing is when I am authenticating the user's permission to use a resource.

  Guid cUser = (Guid) Subscription GETUser () ProviderUserKey; // If it is seen publicly, there is no reason to call DB or call in any session because it can be placed in QueryString bool grantAccess = CheckGroupPermission (cUser, groupID);  

Thanks

This is usually a good way to expose Do not think the key to a database for the external world, but if you have to choose what kind of field to hide, then the GUID is not a bad choice, it is better to highlight the sequence number, where it can be guessed (But not easily) who constitute an unknown valid identifier in DB.

Instead of providing the GUID for the external world, instead of providing the GUID, the username It should be unique.


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -