Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Should I use Membership UserID or My Primary Key

Posted on 2010-08-31
2
Medium Priority
?
378 Views
Last Modified: 2013-11-08
I am using asp.net 3.5 with the membership provider.
I added all the provider tables to my existing database using Aspnet_regsql.exe.
I added the userid, which is the data type uniqueidentifier, from the asp.net_users table generated by the membership provider, to my top level table.
The top level table primary key/identity key, is an int (PersonID). Since I used this primary key (PersonID) to relate tables in my original database, before adding membership provider, I just added the userid from the asp.net_users table, to my top level table.

Persons table
PersonID int Identity
UserID uniqueidentifier

Other Tables use PersonID as their FK.

Since this is a web app, I wanted to be sure that, for security reasons, using the PersonID was ok, or if I should change my tables to use the userid/uniqueidentifier instead of the PersonID as the FK.

Thanks
0
Comment
Question by:Sheritlw
2 Comments
 
LVL 32

Accepted Solution

by:
Brendt Hess earned 2000 total points
ID: 33571654
Depends on where you are using it.  If you place the PersonID on a link in your web code, it may make it easier to hack the system in some cases. If I had the option, I would use PersonID internally, and the guid externally (where it could be hacked).  
0
 

Author Comment

by:Sheritlw
ID: 33572547
Thank you bhess1.

I will change the relationship fk to the user id.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Screencast - Getting to Know the Pipeline

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question