Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am exposing Sql Server data through WCF to be consumed on a WP7 application. Right now I have a choice, either I work with the data using the primary key or other columns for the same table.
I personally think it is best not to expose the PK, not that the phone is not secure, but because of the internet. But, please advice me.
thanks,
I assume that the PK you mentioned is of type int and it would not be secure to expose the values.
In this case I’d add an alternate key of type GUID (uniqueidentifier in SQL Server). The field can be populated using the
System.Guid.NewGuid()method from .Net code, or using thenewid()function in SQL.That would make the key not predictable. For example, if a person sniffs your WCF traffic and sees a PK with a value of 4, they can try close values (2,3,5…) to access other records. GUIDs are not sequential, so it’s really hard to guess other key values.
Please note that GUIDs take up 4x more storage space than an int (or 2x bigint), so if this will be a large table, the GUID approach could take considerably more space.
In this case, you might reconsider if exposing keys is really a security problem; if the app is designed to be secure, or if all the records are meant to be viewed by anyone then exposing the PK value should not be so bad.
After all, if you look at the URL of this page you will notice the value
8690786, which most probably is an exposed integer identifier of the question.