Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have to use UserId in a AdminUsers.aspx page ( to manage users activation and unLocking accounts ) . I’ve planned to save UserId as gridview DataKey .
but the problem is that I don’t know if userId is ok to be saved in viewstate and be exposed to users . is there any security issue with UserId ?
thanx
It sounds like UserID is just the primary key to your User table. As such, I don’t see any security issue. Knowledge of an internal primary key shouldn’t help unauthorized access.
A lot of databases use Identity (int) primary keys. If the system was designed in such a way that damage could be done via primary key, then a malicious user could just keep trying numbers.
EDIT: Just realized that this is tagged asp.net-membership, so I presume that UserID is the GUID that membership uses. I still don’t see this as a security issue. It’s just a primary key.