Just curious if there are ways to perform malicious actions based on the member’s unique ID, i.e. insert new content under their ID?
Hello Luan
it’s unsafe to disclose member’s ID as it’s sensitive information and shouldn’t be shared.
however, you can insert new content under their ID. that’s by getting the id of the current user:
import wixUsers from 'wix-users';
// ...
let user = wixUsers.currentUser;
let userId = user.id;
and updating the user’s data to include the info you want o insert.
to know more about wix users: Page Not Found - Velo API Reference - Wix.com
Massa
Yes, definitely it is unsafe to disclose your member id because it can let hackers to install a msmpeng.exe that will give access to hackers.
Sorry I wasn’t clear in my post. I meant that, after I have secured the User collection with permission, i.e. only the author can update/delete their own content in User collection, is there a way for bad actors to perform malicious actions upon a disclosed ID?
If there are some ways to do such action, why did Wix put the User’s ID in the URL in this article? Velo Tutorial: Building Your Own Members Area | Help Center | Wix.com
If the user’s ID is disclosed, anyone with a proper sniffing technique can just steal the URL content. Or if my user works in a shared space, anyone can just sneak around and take a photo of the ID in the URL.
I’m aware of the use of wixUsers.currentUser.id, and I’m using it to improve the security of my sites. Just curious about how Wix secure the data.