Constituent ID - RE security
Are there any risks to using the Constituent ID in a public profile URL? (outside of Raiser's Edge, but loosely integrated on the back end, hence the usage of the constituent id)
For example, given this RENXT URL:
host.nxt.blackbaud.com/constituent/records/5587458
Is it ill-advised to use 5587458 in a public facing app?
Ex:
myprofiles.com/5587458/default_profile (this could be a link in an email)
I'm trying to figure out what risks there might be, if any, for someone seeing this unique constituent id. Or if a different key field should be used. Or if we should come up with an alternative hash.
Thanks for any advice!
Comments
-
I can't see that it would be harmful using the system id of the constituent as anyone who has it would need access to your environment to see the details of the constituent.
0
Categories
- All Categories
- 5 Blackbaud Agents for Good™
- Raiser's Edge NXT test
- 6 Blackbaud Community Help
- 211 bbcon®
- 1.4K Blackbaud Altru®
- 405 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.2K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 16 donorCentrics®
- 361 Blackbaud eTapestry®
- 2.6K Blackbaud Financial Edge NXT®
- 666 Blackbaud Grantmaking™
- 587 Blackbaud Education Management Solutions for Higher Education
- 3.3K Blackbaud Education Management Solutions for K-12 Schools
- 949 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 85 JustGiving® from Blackbaud®
- 6.8K Blackbaud Raiser's Edge NXT®
- 3.8K SKY Developer
- 251 ResearchPoint™
- 121 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 243 Member Lounge (Just for Fun)
- 38 Blackbaud Community Challenges
- 37 PowerUp Challenges
- 3 (Closed) PowerUp Challenge: Grid View Batch
- 3 (Closed) PowerUp Challenge: Chat for Blackbaud AI
- 3 (Closed) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 807 Community News
- 3K Jobs Board
- 57 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)