What does ViewStateUserKey do exactly?

and what is the "one click attack" that it is said to prevent?
I've tried to use it but it seems that there is no visible change in the
source code...

Thanks
Henri

Nov 18 '05 #1
The simplest protection from "one-click attack" is not to use cookies. So,
if you're concerned about real security of your stuff, stop using Session
object and develop your own session. It's easy, takes a bit more processing
on the server (normally, about 0.001 seconds more) but it's worth it. I'm
not using Session in all my apps at all and I don't care about 90% of
security threats. Use parameterized sql calls and another 5% will go away.
XSS (cross-site scripting) comes next to "one-click". All those "techniques"
used to screw up your work are well described on the Net - use Google or
something to find related info.

Nov 18 '05 #2
viewstate is encrypted, and asp.net checks that it's valid on each load. to
post a page, you need a valid viewstate. if you steal someone else's viewstate
(say through a sniffer), you can post to the system. adding a
ViewStateUserKey ties that viewstate to a particular user. the key will be
stored in the viewstate, and compared on post - if it differs, an error is
thrown.

-- bruce (sqlwork.com)
Nov 18 '05 #3
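
A simplified model of the per-user binding described in the reply above, added here as an illustration; it is not ASP.NET's implementation and not code from any poster. The server key, state string and session names are constructed, and this model mixes the user key into the integrity check rather than the payload, so the hidden field's size and format stay the same.

```python
import base64
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-validation-key"  # constructed stand-in for the server secret


class StateValidationError(Exception):
    """Raised when a posted state blob fails its integrity check."""


def _mac(state: bytes, user_key: str) -> bytes:
    # Length-prefix the user key so different (key, state) pairs cannot collide.
    uk = user_key.encode()
    return hmac.new(SERVER_KEY, len(uk).to_bytes(4, "big") + uk + state,
                    hashlib.sha256).digest()


def protect(state: bytes, user_key: str = "") -> str:
    """Return the hidden-field value: base64(state || MAC)."""
    return base64.b64encode(state + _mac(state, user_key)).decode()


def unprotect(blob: str, user_key: str = "") -> bytes:
    """Verify the MAC under the current user's key and return the state."""
    raw = base64.b64decode(blob)
    state, mac = raw[:-32], raw[-32:]
    if not hmac.compare_digest(mac, _mac(state, user_key)):
        raise StateValidationError("state was not issued to this user")
    return state


def accepted(blob: str, user_key: str) -> bool:
    try:
        unprotect(blob, user_key)
        return True
    except StateValidationError:
        return False


def demo() -> dict:
    state = b"form=transfer;amount=100"       # constructed sample state
    unbound = protect(state)                  # application never set a user key
    for_bob = protect(state, "session-bob")   # bound to Bob's session
    return {
        "unbound_accepted_in_any_session": accepted(unbound, ""),
        "bob_blob_in_bob_session": accepted(for_bob, "session-bob"),
        "bob_blob_in_alice_session": accepted(for_bob, "session-alice"),
        "same_field_length": len(unbound) == len(for_bob),
    }
```
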
Thanks for your explanation Bruce :-)

Nov 18 '05 #4
