Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old July 22nd, 2006, 01:53 PM
Authorized User
Points: 514, Level: 8
Points: 514, Level: 8 Points: 514, Level: 8 Points: 514, Level: 8
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2006
Location: , , .
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default Alternatives to QueryString in 2-page Mstr/Detail

I'm designing some 2-page master/detail relations, and caught the note in Wrox's "Professional ASP.NET 2.0" on page 732 about security issues with QueryString.

I'm hoping to find some alternatives to using QueryString to pass information from page to page. I can think of:
> hidden fields, populated by OnClick prior to postback
> Cross-Page postbacks
Any others to consider? Also, any links that discuss the pro's and con's of these options?

Any suggestions on this would be appreciated.

Thanks!
  #2 (permalink)  
Old July 24th, 2006, 01:08 PM
Friend of Wrox
Points: 4,332, Level: 27
Points: 4,332, Level: 27 Points: 4,332, Level: 27 Points: 4,332, Level: 27
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2003
Location: , NJ, USA.
Posts: 1,348
Thanks: 0
Thanked 5 Times in 5 Posts
Default

You can also use session variables

  #3 (permalink)  
Old July 24th, 2006, 01:11 PM
Authorized User
Points: 514, Level: 8
Points: 514, Level: 8 Points: 514, Level: 8 Points: 514, Level: 8
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2006
Location: , , .
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for input. I'll add that to the list!
  #4 (permalink)  
Old July 24th, 2006, 01:12 PM
Friend of Wrox
Points: 4,332, Level: 27
Points: 4,332, Level: 27 Points: 4,332, Level: 27 Points: 4,332, Level: 27
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2003
Location: , NJ, USA.
Posts: 1,348
Thanks: 0
Thanked 5 Times in 5 Posts
Default

No problem.

  #5 (permalink)  
Old July 24th, 2006, 01:21 PM
Authorized User
Points: 514, Level: 8
Points: 514, Level: 8 Points: 514, Level: 8 Points: 514, Level: 8
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2006
Location: , , .
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default

So here's my quick take on pro's and con's.
QueryString = + conventional web coding
              - security exposures

CrossPage Postbacks (not really different than other alt's)

HiddenField + more secure (not "hanging out" visible)
              - not completely hidden (may be found in page text)
              - extra coding steps

SessionState + more secure (can't be seen on page at all)
              - resource use (but won't hiddenfields also use memory?)
                     (app needs sessionstate anyway...)
              + "global variable" type programming ( + for my skill set..)

App will probably run under HTTPS anyway, but ya nevah 'no...

Anything else come to mind?

Thanks!
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help Master Detail page ollie281 Dreamweaver (all versions) 0 August 7th, 2006 12:35 PM
master/detail page yteferi ASP.NET 2.0 Basics 6 April 12th, 2006 09:04 AM
Master/Detail page yteferi ASP.NET 2.0 Basics 1 April 5th, 2006 04:06 PM
Querystring Alternatives lukemedway_uk Classic ASP Basics 1 October 7th, 2003 08:45 AM



All times are GMT -4. The time now is 02:06 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.