If I'm using GUIDs for IDs in a multitenant app, do I really need to check data entitlements?

Let's say I have a multitenant app with a domain class called Store. Each tenant can only view his/her Stores. I give each Store a GUID.

Now, since it's a multitenant app, on each request I should check to make sure the user is entitled to the data she wants to access. Otherwise, one could easily change a /store/show/1 to a /store/show/2.

However, since I'm using GUIDs, which are more or less guaranteed to be unique, do I need to do this check? What are the chances of a user guessing another开发者_运维百科 GUID in the system?

There isn't a great chance that someone is going to stumble upon either accidentally or on purpose one of the GUIDs for another store belonging to another tenant. If you're using a Repository pattern then I'd have the repository append the logic (basically add a WHERE StoreTenantID = UsersTenantID to every query) to check to ensure that the store the user is looking for is one they're allowed to see.

It might not hurt to implement this anyhow, as you might likely come to a time where users want to have "pretty" URLs and want to use store names or numbers in the URL, in which case all you'd have to do is have a custom route (in the case of MVC) that matches that pattern, then update your repository accordingly.

Hope that helps - bottom line is I'd go ahead and waste some bits doing the check.