Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should I expose a user ID to public?

I have a form that reveals user IDs to public. I was wondering that is this dangerous. Personally I do not see anything bad about it. The ID is just used to reference a single database record.

like image 228
Tower Avatar asked Sep 02 '10 16:09

Tower


People also ask

Is User ID confidential?

IDs and Passwords Patient Financial Information, Clinical Information, and User Passwords are all examples of confidential information. A User ID without a password is not confidential and is frequently included in directories and other tools widely available.

Should database id be exposed?

From the perspective of code design, a database ID should be considered a private implementation detail of the persistence technology to keep track of a row. If possible, you should be designing your application with absolutely no reference to this ID in any way.

Can a user ID be shared?

The Income Tax Department has warned taxpayers against sharing their user ID and password with any unauthorised person, saying they too will be liable to face consequences for misuse of their confidential information.


1 Answers

If it were dangerous, Stack Overflow wouldn't be displaying user IDs in their URLs in order to make user profile lookups work: https://stackoverflow.com/users/104826/rfactor

Edit of seriousness of immense levels: if user IDs are themselves sensitive data; for example your primary keys for some reason happen to be social security numbers, that'll definitely be a security and privacy liability. If your user IDs are just auto-increment numbers though, you're clear.

like image 182
BoltClock Avatar answered Sep 17 '22 14:09

BoltClock