Some people want to avoid using entity ids as screen input parameters, which appear in URL query parameters, because hackers could manipulate the query parameter and might access unauthorized information.
They propose to use a GUID/UUID instead so that the screen input parameter cannot be 'guessed'.
But in my opinion this is not a safe solution. You should always validate the query parameter value on the server side.
For instance, if a customer enters an order detail screen by clicking an order and the order id is passed through a URL query parameter, the aggregate that fetches the order detail should also check whether this customer has access to this order. That way, by changing the URL parameter he cannot see orders of other customers.
Like this:
SELECT Orders.Id FROM Orders INNER JOIN CustomerOrder ON CustomerOrder.OrderId = Orders.Id WHERE Orders.Id = OrderId AND CustomerOrder.UserId = GetUserId()
If you do not validate the query parameter but use unguessable GUIDs only, it might seem safe, but if someone captures the GUID by watching somebody's screen or retrieves it by other means, they can enter it as a query parameter when logged in with another account and access unauthorized information.
So the GUID-only solution is not safe!
My question is: why should we use GUIDs at all and not just pass the entity Id? Is there any other reason for this?
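The three lookups described in the post above, as an added example that is not part of the original post or of the OutSystems platform: an id-only lookup (tamperable), a GUID-only lookup (safe only while the GUID stays secret), and the post's ownership-checked join, where the user id comes from the server-side session rather than the request. The schema, the sample orders, the fixed GUID literals and the user ids are constructed for the example; `GetUserId()` from the post is replaced by a plain `current_user_id` argument so the code runs stand-alone against an in-memory SQLite database.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed sample data (not from the original post): two customers, one order each.
# The GUIDs are fixed literals so the example is reproducible; a real system would
# generate them server-side.
SAMPLE_ORDERS = [
    # (Id, Guid, UserId, Total)
    (1, "3f2c1a8e-9b47-4e2d-8c6a-1d5e7f9a0b21", 100, 49.90),
    (2, "a7d94c02-5e61-4f83-b1c7-2e8f0d6a3b54", 200, 120.00),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory Orders / CustomerOrder schema mirroring the post's query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE Orders (Id INTEGER PRIMARY KEY, Guid TEXT UNIQUE NOT NULL, Total REAL);
        CREATE TABLE CustomerOrder (OrderId INTEGER NOT NULL, UserId INTEGER NOT NULL);
        """
    )
    for order_id, guid, user_id, total in SAMPLE_ORDERS:
        conn.execute("INSERT INTO Orders VALUES (?, ?, ?)", (order_id, guid, total))
        conn.execute("INSERT INTO CustomerOrder VALUES (?, ?)", (order_id, user_id))
    conn.commit()
    return conn


def get_order_unchecked(conn: sqlite3.Connection, order_id: int) -> Optional[Tuple]:
    """Vulnerable: trusts the URL parameter, so any logged-in user can read any order."""
    return conn.execute(
        "SELECT Id, Guid, Total FROM Orders WHERE Id = ?", (order_id,)
    ).fetchone()


def get_order_by_guid_unchecked(conn: sqlite3.Connection, guid: str) -> Optional[Tuple]:
    """Also vulnerable: unguessable, but a leaked GUID grants access from any account."""
    return conn.execute(
        "SELECT Id, Guid, Total FROM Orders WHERE Guid = ?", (guid,)
    ).fetchone()


def get_order_checked(
    conn: sqlite3.Connection, order_id: int, current_user_id: int
) -> Optional[Tuple]:
    """Hardened: the post's join. current_user_id must come from the server-side
    session (GetUserId() in the post), never from the request itself."""
    return conn.execute(
        """
        SELECT Orders.Id, Orders.Guid, Orders.Total
        FROM Orders
        INNER JOIN CustomerOrder ON CustomerOrder.OrderId = Orders.Id
        WHERE Orders.Id = ? AND CustomerOrder.UserId = ?
        """,
        (order_id, current_user_id),
    ).fetchone()


if __name__ == "__main__":
    db = build_db()
    attacker = 100      # logged in as customer 100, tampering with the URL
    victim_order = 2    # belongs to customer 200
    leaked_guid = SAMPLE_ORDERS[1][1]
    print("id only   :", get_order_unchecked(db, victim_order))            # leaks
    print("guid only :", get_order_by_guid_unchecked(db, leaked_guid))     # leaks once GUID is known
    print("checked   :", get_order_checked(db, victim_order, attacker))    # None
    print("owner     :", get_order_checked(db, victim_order, 200))         # the real owner's row
```

The ownership check is the only variant that refuses the attacker's request; the GUID variant merely changes how the attacker obtains the identifier. Note that the checked query uses parameter binding for both values, so the same function also closes the injection path that string-building a WHERE clause from a URL parameter would open.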
Hi Rogier,
Good topic for a discussion!
First, I fully agree: using a GUID doesn't make it safer, just less easy to mess around with. Server-side validation is always a must.
But there are some advantages of a GUID over an integer auto-number:
I recently posted an idea about adding more GUID capabilities to the platform, as the OutSystems Dynamic Case Management Framework makes extensive use of them.
https://www.outsystems.com/ideas/10485/add-a-guid-data-type-support-to-outsystems-platform
Regards,
Daniel