p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   ASP.NET 2.0 Professional (http://p2p.wrox.com/forumdisplay.php?f=215)
-   -   Alternatives to QueryString in 2-page Mstr/Detail (http://p2p.wrox.com/showthread.php?t=45569)

wirerider July 22nd, 2006 01:53 PM

Alternatives to QueryString in 2-page Mstr/Detail
I'm designing some 2-page master/detail relations, and caught the note in Wrox's "Professional ASP.NET 2.0" on page 732 about security issues with QueryString.

I'm hoping to find some alternatives to using QueryString to pass information from page to page. I can think of:
> hidden fields, populated by OnClick prior to postback
> Cross-Page postbacks
Any others to consider? Also, any links that discuss the pro's and con's of these options?

Any suggestions on this would be appreciated.


jbenson001 July 24th, 2006 01:08 PM

You can also use session variables

wirerider July 24th, 2006 01:11 PM

Thanks for input. I'll add that to the list!

jbenson001 July 24th, 2006 01:12 PM

No problem.

wirerider July 24th, 2006 01:21 PM

So here's my quick take on pro's and con's.
QueryString = + conventional web coding
              - security exposures

CrossPage Postbacks (not really different than other alt's)

HiddenField + more secure (not "hanging out" visible)
              - not completely hidden (may be found in page text)
              - extra coding steps

SessionState + more secure (can't be seen on page at all)
              - resource use (but won't hiddenfields also use memory?)
                     (app needs sessionstate anyway...)
              + "global variable" type programming ( + for my skill set..)

App will probably run under HTTPS anyway, but ya nevah 'no...

Anything else come to mind?


All times are GMT -4. The time now is 09:18 AM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.