Using Parts of GUID as ID
https://stackoverflow.com/questions/1801961
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm developing an ASP .Net MVC application. One of my actions requires id as a parameter. For example:
public actionresult Detail(Guid id){
return View();
}
As you can see, I'm using Guid instead of Int. The issue is more cosmetic. The url can be very long, such as localhost/Detail/0c157b42-379d-41d5-b9ba-83e9df9985b2.
Is it safe to take only parts of the Guid like localhost/Detail/0c157b42?
Solution
GUID is designed in such a way that it is intended to be unique, but any part of it is not. See this blog post for details. If you need to shorten the GUID take a good hash of it - like SHA-1 or (if you don't have security concerns) MD5.
OTHER TIPS
No, it's not safe.
You can calculate a SHA-2 hash of it though, and take the first few characters of that.
No, you need the entire GUID since there is a possibility that a subset may not be unique.
For example:
0c157b42-379d-41d5-b9ba-83e9df9985b2
0c157b42-379d-41d5-b9ba-83e9df9985b3
Notice, only the last number is different. The beginnings are both the same. You can't use the trailing end of the GUID either since there's no way to predict what part of the GUID will change when its created.
Some other options to consider- * If there are more than one Details with GUIDs starting with 0c157b42, have the URL localhost/Detail/0c157b42 show a list of applicable Details objects. * URL aliasing - allow for a "Friendly URL" field on the Details object.
You can clean the GUID of -s and convert the HEX to Base32 (A-Z,0-5) which will shorten it to 16 characters.
Bit of a late response but in case anyone reads this...
depending on the use, you can provided a shortened GUID value.
for instance, if the ID value is generated and given to the user as an Authentication Token sort of value then during the generation you could just take however many characters and compare it with other in use values. if any matches, then just generate a new one and re-compare until its unique.
This technique is also advisable if you trim a hash value of the GUID too.. just to be safe. In fact any time you randomly generate a value to be used as ID then you should make sure it is not 'already in use'
