Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Reload this Page Alternatives to QueryString in 2-page Mstr/Detail
|
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 22nd, 2006, 01:53 PM
Authorized User
  
Join Date: Jan 2006
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default Alternatives to QueryString in 2-page Mstr/Detail
I'm designing some 2-page master/detail relations, and caught the note in Wrox's "Professional ASP.NET 2.0" on page 732 about security issues with QueryString.

I'm hoping to find some alternatives to using QueryString to pass information from page to page. I can think of:
> hidden fields, populated by OnClick prior to postback
> Cross-Page postbacks
Any others to consider? Also, any links that discuss the pro's and con's of these options?

Any suggestions on this would be appreciated.

Thanks!
 
Old July 24th, 2006, 01:08 PM
Friend of Wrox
  
Join Date: Nov 2003
Posts: 1,348
Thanks: 0
Thanked 5 Times in 5 Posts
Default
You can also use session variables
 
Old July 24th, 2006, 01:11 PM
Authorized User
  
Join Date: Jan 2006
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Thanks for input. I'll add that to the list!
 
Old July 24th, 2006, 01:12 PM
Friend of Wrox
  
Join Date: Nov 2003
Posts: 1,348
Thanks: 0
Thanked 5 Times in 5 Posts
Default
No problem.
 
Old July 24th, 2006, 01:21 PM
Authorized User
  
Join Date: Jan 2006
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default
So here's my quick take on pro's and con's.
QueryString = + conventional web coding
              - security exposures

CrossPage Postbacks (not really different than other alt's)

HiddenField + more secure (not "hanging out" visible)
              - not completely hidden (may be found in page text)
              - extra coding steps

SessionState + more secure (can't be seen on page at all)
              - resource use (but won't hiddenfields also use memory?)
                     (app needs sessionstate anyway...)
              + "global variable" type programming ( + for my skill set..)

App will probably run under HTTPS anyway, but ya nevah 'no...

Anything else come to mind?

Thanks!





Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help Master Detail page ollie281 Dreamweaver (all versions) 0 August 7th, 2006 12:35 PM
master/detail page yteferi ASP.NET 2.0 Basics 6 April 12th, 2006 09:04 AM
Master/Detail page yteferi ASP.NET 2.0 Basics 1 April 5th, 2006 04:06 PM
Querystring Alternatives lukemedway_uk Classic ASP Basics 1 October 7th, 2003 08:45 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.