Is user id safer than username in a querystring for member profiles
-
Hi, I would like to know if it's safe to program a site with members where I use usernames rather than user ids in the querystring to retrieve user information from a database. I see some sites have user ids and some usernames. Any response is appreciated.
-
Hi, User Id is obviously the preferred and secure choice, because a username is understandable to others. But whether it's Id or Name, both must be associated with a Password, and without the combination of both, access to the application is not possible. But if I know the username, database name, and table name and I have access to the database server, I can fetch the user information from the database. The same is possible with user Id as well. But it's difficult to guess which Id belongs to which User. Hope this will help you decide between ID or Name.
-
Thanks a lot for the useful information. One thing though is that a user id is just as visible as a username in the querystring when you, for example, click on the profile of a certain user. Also, assuming that a person has logged in to a certain site, how can he possibly retrieve the database name and a table name, and also have access to a database server? Is it easily possible to do, or is it extremely difficult to retrieve that? Thanks again.
-
Albert, you are correct, a User id is just as visible as a username. But the statement ?UserID=1234 or ?UserName='Albert' makes a difference in visibility. For an end user it's impossible to retrieve information from the database. All the best for your endeavour.
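-
Added example, not code from this thread or from any of the posters: one way a profile lookup could accept either ?UserID= or ?UserName= from the querystring, binding the value as a query parameter and returning only public columns. The table, column names, length limits and sample rows are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Columns a profile page may show; email and password_hash never leave the server.
PUBLIC_COLUMNS = ("user_id", "username", "display_name")

def make_db():
    """Constructed sample data in an in-memory database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE members (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
               " display_name TEXT, email TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?, ?)", [
        (1234, "Albert", "Albert A.", "albert@example.test", "constructed-hash-1"),
        (1235, "Bea", "Bea B.", "bea@example.test", "constructed-hash-2"),
    ])
    return db

def get_profile(db, query_string):
    """Return the public profile for ?UserID=... or ?UserName=..., or None."""
    params = parse_qs(query_string.lstrip("?"))
    cols = ", ".join(PUBLIC_COLUMNS)
    if "UserID" in params:
        raw = params["UserID"][0]
        # Ids are short plain integers; anything else is rejected before the query.
        if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
            return None
        sql, value = f"SELECT {cols} FROM members WHERE user_id = ?", int(raw)
    elif "UserName" in params:
        raw = params["UserName"][0]
        if not (1 <= len(raw) <= 32):
            return None
        sql, value = f"SELECT {cols} FROM members WHERE username = ?", raw
    else:
        return None
    # The querystring value is bound as a parameter, never concatenated into the SQL text.
    row = db.execute(sql, (value,)).fetchone()
    return dict(row) if row else None

if __name__ == "__main__":
    db = make_db()
    print(get_profile(db, "?UserID=1234"))
    print(get_profile(db, "?UserName=Albert"))
```

Both forms of the URL resolve to the same public record, and neither identifier grants anything beyond the columns the handler chooses to return.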