
I was thinking of using a Guid as a parameter for an action method to hide its actual content.

The idea behind it is to only give users who know the Guid access to some Views or files behind.

```csharp
public ActionResult Index(Guid id)
{
    if (id.Equals(...))
        return File(document.Data, document.ContentType);
    else if (id.Equals(...))
        return File(document.Data, document.ContentType);
    ...
}
```

Does it make sense, because I don't want Google or some attacker scanning the site (deep scanning) and finding that information?

AakashM
ASfdsa33
  • 4
    [Obscurity is not security.](https://stackoverflow.com/questions/533965/why-is-security-through-obscurity-a-bad-idea) – ProgrammingLlama Feb 28 '18 at 09:07
  • 6
    Does it make sense - absolutely not. If the user does not have permission to access the view, then you prevent that in the server method –  Feb 28 '18 at 09:08
  • 2
    Why not make everything public and use the built-in Authorization attribute (https://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspx)? You can create your own attribute, inherit this, then write your own validation for the request. – Alex Feb 28 '18 at 09:11
  • 6
    Downvoters, this isn't meta - don't downvote to indicate 'this is a bad idea'. It's a perfectly reasonable, if naive, question. – AakashM Feb 28 '18 at 09:22
  • 4
    Is possession of the GUID sufficient to be granted access to the document? I mean as opposed to specific people or groups being allowed to view it? Because once someone has got the GUID and shared the link online, then anyone in the world, including potentially search engines, can access the document, and nothing is hidden anymore. As mentioned, obscurity is not security. Normally when implementing security, access is granted to a specific user who is first authenticated (to check their identity) and then authorised (to check their permission to access this specific resource). – ADyson Feb 28 '18 at 10:12

0 Answers
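The approach the comments describe (authenticate the user, then authorise access to the specific document), sketched as an added example that is not part of the original thread. It assumes ASP.NET MVC 5 (`System.Web.Mvc`); `Document`, `DocumentStore`, `AllowedUsers` and the sample data are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical record: the Guid only identifies the document, it grants nothing.
public class Document
{
    public Guid Id { get; set; }
    public byte[] Data { get; set; }
    public string ContentType { get; set; }
    public HashSet<string> AllowedUsers { get; set; } // user names permitted to read it
}

// Hypothetical in-memory store with constructed sample data; a real site would query its database.
public static class DocumentStore
{
    private static readonly Dictionary<Guid, Document> Documents = new Dictionary<Guid, Document>();

    static DocumentStore()
    {
        var doc = new Document
        {
            Id = Guid.NewGuid(),
            Data = new byte[] { 0x25, 0x50, 0x44, 0x46 }, // constructed placeholder bytes
            ContentType = "application/pdf",
            AllowedUsers = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "alice" }
        };
        Documents[doc.Id] = doc;
    }

    public static Document Find(Guid id)
    {
        Document doc;
        return Documents.TryGetValue(id, out doc) ? doc : null;
    }
}

[Authorize] // authentication: anonymous requests, crawlers included, never reach the action
public class DocumentsController : Controller
{
    public ActionResult Index(Guid id)
    {
        var document = DocumentStore.Find(id);
        // Authorisation: the signed-in user must be allowed to read this document.
        // Unknown and forbidden ids both return 404 (a design choice made for this example).
        if (document == null || !document.AllowedUsers.Contains(User.Identity.Name))
            return HttpNotFound();
        return File(document.Data, document.ContentType);
    }
}
```

With this shape a shared or leaked link is useless to anyone who is not signed in as a permitted user, so the Guid no longer has to stay secret.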