Are there security issues using ASP.NET's "UserProfileID" in a URL?
I have the user controls (ASP.NET 3.5) implemented and noticed that each user is given a UserProfileID.
I'm implementing a public page for each user, as asked and answered here, that will use the UserProfileID in the URL.
My question is, can the UserProfileID be used maliciously? Is it OK that anyone can see that person's UserProfileID?
Is it OK to have something like that in the URL?
(Also, the userIDs are very long, i.e. a051fc1b-4f51-485b-a07d-0f378528974e.
Is there a way to shorten what each user's unique URL is?)
The answer to your first question is no, there aren't really any security issues posed by exposing a user's id in the URL (as long as you have other means of authorization - don't use that id in the URL to authorize the user).
To answer your second question, the id is a GUID which is quite long. If you wanted something shorter you would have to store your UserProfile object with a different type as the key in the data store (like an integer which would be shorter).
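An added example, not part of the original answer: a code-behind sketch of the rule "don't use that id in the URL to authorize the user". The page name `EditProfile`, the `id` query parameter, and the assumption that UserProfileID equals the membership provider's user key are all hypothetical.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for EditProfile.aspx?id=<UserProfileID>.
// The public profile page can show any ID; this page changes data, so it
// must check the caller's identity on the server, not trust the URL.
public class EditProfile : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Guid requestedId;
        if (!TryParseGuid(Request.QueryString["id"], out requestedId))
        {
            Response.StatusCode = 404;   // malformed or missing ID
            Response.End();
            return;
        }
        if (!IsOwner(requestedId))
        {
            Response.StatusCode = 403;   // valid ID, but not the caller's own
            Response.End();
            return;
        }
        // Only here is it safe to load the edit form for requestedId.
    }

    // The ID from the URL only selects a profile. Who the caller is comes
    // from the authenticated session.
    private bool IsOwner(Guid requestedId)
    {
        if (!User.Identity.IsAuthenticated) return false;
        MembershipUser current = Membership.GetUser();
        if (current == null) return false;
        // Assumption: UserProfileID is the provider key (a Guid with
        // SqlMembershipProvider). Adjust the lookup if your schema differs.
        return current.ProviderUserKey is Guid
            && (Guid)current.ProviderUserKey == requestedId;
    }

    // .NET 3.5 has no Guid.TryParse, so wrap the constructor.
    private static bool TryParseGuid(string text, out Guid value)
    {
        value = Guid.Empty;
        if (string.IsNullOrEmpty(text)) return false;
        try { value = new Guid(text); return true; }
        catch (FormatException) { return false; }
        catch (OverflowException) { return false; }
    }
}
```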