Re: QueryString Hiding

From: Teemu Keiski (joteke_at_aspalliance.com)
Date: 04/12/04

Next message: Kristofer Gafvert: "Re: Possible to get iis on Windows XP Home Edition?"
Previous message: Juleke: "Re: ASP .NET on Win 2003 Standard + Domain Controller with Active Directory : Temporary folder-Access denied"
In reply to: Shock: "QueryString Hiding"
Next in thread: coollzh: "Re: QueryString Hiding"
Reply: coollzh: "Re: QueryString Hiding"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 12 Apr 2004 11:27:41 +0300

Hi,

you could use Session variables when values are kept in memory for user's
session (at server). Another way could be using cookies (they are readable
if user really wants that but work for 'quick' hiding) or just using
Server.Transfer, when processing of request is transferred to another page
at the server without client browser intervention. Server.Transfer works
like Response.Redirect but the exact difference is that redirect happens
without client browser knowing that (with Response.Redirect browser is
making the actual redirect request).

-- 
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke
"Shock" <no@waydude.com> wrote in message
news:107k8qet4eqcg97@corp.supernews.com...
> I am interested in hearing what kind of methods are used to hide
> QueryStrings when passing data between aspx pages.  For instance, I have a
> url that looks something like this:
>
> http://localhost/page.aspx?year=2000&userid=100
>
> What ways are there to hide everything following the question mark?
>
> I have found some tutorials online, but they are very vague and I am
seeking
> a little more detail.  As a newbie to asp.net I am interested in learning
> all I can about securing the data I am transferring between pages.
>
> Currently, I pass the data in the url exactly like it is above and I use a
> function on the other end to extract the variable from the data and put it
> into a private variable on the next page.
>
> Thanks ahead!
>
> Shock
>
>

Next message: Kristofer Gafvert: "Re: Possible to get iis on Windows XP Home Edition?"
Previous message: Juleke: "Re: ASP .NET on Win 2003 Standard + Domain Controller with Active Directory : Temporary folder-Access denied"
In reply to: Shock: "QueryString Hiding"
Next in thread: coollzh: "Re: QueryString Hiding"
Reply: coollzh: "Re: QueryString Hiding"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Using ASP.NET StateServer on another machine. So what?
... You will never get a perfromance increase when moving from InProc to State ... When you use InProc the session variables can be lost when the process ... You do not need 2nd box just for State Server.) ...
(microsoft.public.dotnet.framework.aspnet)
Re: Advice on mod_lisp-based web application.
... problems vanish then I'm definitely interested in trying to change ... recommendation is to migrate those to "session variables". ... uses a submit button to send the next bit of data back to the server. ... guarantee of number or order of client requests and therefore, ...
(comp.lang.lisp)
Re: asp session help
... then re-direct to the buildrows.asp page. ... values and I can set the session variables. ... >> Hi Ray, ... The user must submit the form before your server can get the ...
(microsoft.public.inetserver.asp.general)
Re: [PHP] is it safe to store username and password for mysql connection in session variables?
... > Is it safe to load these two into session variables when a user logs ... If you are using the default location /tmp and are on a shared server, ... PHP Security Handbook ...
(php.general)
Re: How do I get HTML sent to server?
... looks completed on the client browser. ... If you want the *exactly* HTML sent back to your server, ... archive of the page the way the client sees it with their form data added. ...
(comp.lang.javascript)