Security when disclosing user information
I am currently building an ecommerce site using ASP.Net MVC3. At the end of the checkout process, I have a view that displays a summary of the order, including the customer's contact details (name, email, address, contact, etc.).
I am using a GUID in the query string that is used to fetch information from the database and display it on a page (eg www.site.com/Checkout/Complete?ID= {GUID}). Is this considered bad practice from a security standpoint? Someone has to guess the GUID to access any customer information, which seems almost impossible. Should I go for additional user authentication efforts before displaying information?
Many thanks
source to share
The GUID itself is extremely difficult to guess or overdo. There are two possibilities 125 possible GUIDs (not 2 ^ 128 since some of the bits are fixed ).
More serious problems will
- Many browsers expose browser history (see here or here or here ) to unrelated pages.
- If the user has bookmarks on the checkout page, his special GUID can be found from the bookmarks.
- Man-in-the-middle attacks (although presumably you are using SSL at this stage, so there are fewer problems).
If the goal is to allow someone to reference an order they previously placed, I would like the GUID to pre-populate the User Name for convenience, but still requires a password.
If this happens during a browsing session and for some reason you need a GUID (can you save this information in the user's session?), I would like to create a single GUID for this purpose, rather than you have a unique user ID. Map the one-time GUID to the actual unique user ID in the server code (may be a salted hash of the real GUID, or may appear in a mapping table).
source to share