I am currently building an ecommerce website using ASP.NET MVC 3. At the end of the checkout process, I have a view which displays a summary of the order including the customer’s contact details (Name, Email, Address, Contact #, etc.).
I am using a GUID in the query string which is used to retrieve the information from the DB and display it on the page (e.g., http://www.site.com/Checkout/Complete?ID={GUID}). Is this considered bad practice in terms of security? Someone would need to guess the GUID to access any customer information, which seems just about impossible. Should I be going to the additional effort of authenticating the user before displaying the information?
Many thanks
The user should be authenticated and your code should check if the currently logged-in user has access to that information.
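One way to implement the check this answer describes, as an added example that is not part of the original question or answer. The `Order` model, its `OwnerUserName` field and `IOrderRepository` are hypothetical names, and the sketch assumes orders are stored with the account name that placed them and that a dependency resolver supplies the repository.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical model and data access; these names are assumptions for illustration.
public class Order
{
    public Guid Id { get; set; }
    public string OwnerUserName { get; set; }   // account that placed the order
    public string Name { get; set; }
    public string Email { get; set; }
    public string Address { get; set; }
}

public interface IOrderRepository
{
    Order Find(Guid id);   // returns null when no such order exists
}

[Authorize]   // anonymous requests are redirected to login before any action runs
public class CheckoutController : Controller
{
    private readonly IOrderRepository _orders;

    // Assumes a DependencyResolver (or controller factory) provides the repository.
    public CheckoutController(IOrderRepository orders)
    {
        _orders = orders;
    }

    // GET /Checkout/Complete?ID={GUID}
    public ActionResult Complete(Guid? id)
    {
        // A missing or malformed ID binds to null instead of throwing.
        Order order = id.HasValue ? _orders.Find(id.Value) : null;

        // Authorization: the GUID only locates the record, it is not a credential.
        // "No such order" and "someone else's order" get the same response, so the
        // endpoint does not confirm which GUIDs exist. Case-insensitive match assumed.
        bool isOwner = order != null && string.Equals(
            order.OwnerUserName, User.Identity.Name, StringComparison.OrdinalIgnoreCase);
        if (!isOwner)
        {
            return HttpNotFound();
        }

        return View(order);
    }
}
```

With this in place a leaked URL (browser history, Referer header, server logs, a forwarded email) no longer exposes the contact details to anyone but the account that owns the order.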