Hi.
I have been using hidden fields to store useful information on ASP.NET web pages between posts. I understand these are not secure because they can be read by looking at view source.
I have since placed them in a panel with its visible set to false. The hidden fields are then not shown in the web page source, but still accessible to my c# code behind.
Is this secure or are the fields still accessible to others browsing the site.
Thanks and regards.
7  1348 
I believe that this is secure, I'll move your question to the .NET forum to see if anyone here wants to weigh in. Are you talking about code documentation stuff or like posted data that you need to pass on from one page or another?
If you are just documenting, then commented lines don't get sent to the user. If you need data passed along, then this can be sent fairly securely as a cookie (this is sent to the user but encrypted) or as session-level variables (kept at the server). Let me know if this helps.
Jared
That will work but there are better ways (Databases, sessions, etc)
I believe that this is secure, I'll move your question to the .NET forum to see if anyone here wants to weigh in. Are you talking about code documentation stuff or like posted data that you need to pass on from one page or another?
If you are just documenting, then commented lines don't get sent to the user. If you need data passed along, then this can be sent fairly securely as a cookie (this is sent to the user but encrypted) or as session-level variables (kept at the server). Let me know if this helps.
Jared
Many thanks - I am using them to store values that I pass from one page to another and between postbacks. I thought about cookies, but people turn them off!
Kind regards - I will check the .net forum for any entries.
Many thanks - I am using them to store values that I pass from one page to another and between postbacks. I thought about cookies, but people turn them off!
Kind regards - I will check the .net forum for any entries.
session variables work really well and simply for this type of thing. - session("userID") = "jhardman"
-
session("timeIn") = "3:45pm"
-
-
if session("userID") = "" then response.redirect "login.asp"
Let me know if this helps.
Jared
session variables work really well and simply for this type of thing. - session("userID") = "jhardman"
-
session("timeIn") = "3:45pm"
-
-
if session("userID") = "" then response.redirect "login.asp"
Let me know if this helps.
Jared
Depends on the how the session state is held. He was discussing the possibility of a user not using cookies, so if the session is cookie based it wont work.
Depends on the how the session state is held. He was discussing the possibility of a user not using cookies, so if the session is cookie based it wont work.
No, the session variables should be kept on the server by default, the server keeps track of them by session ID. I don't think you can turn of your session identifier as easily as turning off cookies so it is unusual to have a problem with session variables while cookies do fail from time to time. This is the standard way to keep track of shopping cart data or logged-in user info etc. They are robust, can hold large amounts of data, and are much faster to access (and easier to code) than referring to a db every page load.
I am talking about the manner that there are three different ways to hold session data. 2 out of the 3 are dependent on cookies to some degree.
EDIT: The third is your method
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Randell D. |
last post by:
Folks,
I have a large amount of values to store (we're talking tens, if not
hundreds of bytes). I need this for a client side application - ignore
the security consequences for the moment -...
|
by: Mark McLellan |
last post by:
Dear all
Following the oft-repeated advice here and ciwas I have made my site
nearly 4.01 strict (working on it). There are some items on which I would
appreciate your advice:
1. Hidden...
|
by: Frank Rizzo |
last post by:
Ok, this is probably so simple...
Anyway, I'd like to pass a value in the hidden variable. I have code
like this:
<form...>
<input type="Hidden" name="zzz" value="1">
...
</form>
I want...
|
by: Frank Rizzo |
last post by:
Ok, this is probably so simple...
Anyway, I'd like to pass a value in the hidden variable. I have code
like this:
<form...>
<input type="Hidden" name="zzz" value="1">
...
</form>
I want...
|
by: Jeff |
last post by:
....still new to .net 2005 using VB.
Do I understand correctly that the value of a session variable is actually stored in the server's ram, but relies on the asp.net
session ID cookie that...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
