Re: Getting viewstate value from readonly textbox in .NET2 (VB)




OK...after doing much reading (and confusion), I just decided to leave the
fields wide open. My datepicker served two purposes. 1 - For convenience.
2 - Making sure the date was a valid date. I'll just have to add an additional
server-side edit to make sure the dates are legit. I'm still a little
disappointed in this change...but I guess it's better for security issues.

: /




"ShaneFowlkes" <shanefowlkes@xxxxxxxxxxxxxxxxx> wrote in message
news:OTV$PGkXGHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your research. I'll look into it shortly and post my results
back to this thread.

Thanks!


"Mike" <michael.lang@xxxxxxxxxxxx> wrote in message
news:1144853290.234591.326120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I found out why it was done. I take back my "terrible idea" comment.
It was to prevent security hacks. A read-only field typically should
not be changed by the user, and thus should not be needed on postback.
Of course, your property is not REALLY read-only from a business
perspective, you just want them to use the date-picker. Following are
some workarounds.

"Four Guys" say to use the disabled attribute, and use ASP.NET 2.0's
SubmitDisabledControls property to enable them just before postback.
They don't like the enabled attribute since it isn't on all controls.
http://aspnet.4guysfromrolla.com/articles/012506-1.aspx

"Scott" says you shouldn't read readonly fields and instead reread them
from the database. Good for some data like id's, but not good for your
date picker solution. I recommend others reading this post do not use
the other workarounds that Rick is using for id fields used on
postback. That defeats the purpose of the security fix.
http://scottonwriting.net/sowblog/posts/4965.aspx

"Rick" says to get the read-only value from a field using the request:
this.TextBox1.Text = Request[this.TextBox1.UniqueID];
west-wind.com/weblog/posts/3939.aspx
The site was down for me. If it is at the time you read this, see the
google cached version:
http://72.14.203.104/search?q=cache:tiDSEaZK0lEJ:west-wind.com/weblog/posts/3939.aspx+asp.net+2.0+textbox+readonly&hl=en&gl=us&ct=clnk&cd=1

Michael Lang
XQuiSoft LLC
http://www.xquisoft.com/
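
The server-side date check mentioned at the top of this thread could look like the following VB sketch; it is an added example, not code from any of the posters or the linked articles. The module name, function name, accepted formats and date range are assumptions, and the same check applies whether the string comes from TextBox1.Text or from the Request collection, since both are client-supplied.

```vbnet
Imports System
Imports System.Globalization

' Added example. PostedDateValidator and TryReadPostedDate are hypothetical names.
Public Module PostedDateValidator

    ' Formats the date picker is assumed to write into the text box (assumption).
    Private ReadOnly AllowedFormats As String() = {"M/d/yyyy", "MM/dd/yyyy", "yyyy-MM-dd"}

    ' Returns True and sets result only when raw is a real calendar date,
    ' in one of the allowed formats, inside the range [earliest, latest].
    Public Function TryReadPostedDate(ByVal raw As String, _
                                      ByVal earliest As Date, _
                                      ByVal latest As Date, _
                                      ByRef result As Date) As Boolean
        result = Date.MinValue
        If raw Is Nothing Then Return False

        raw = raw.Trim()
        ' The longest allowed format is 10 characters; reject anything else early.
        If raw.Length = 0 OrElse raw.Length > 10 Then Return False

        Dim parsed As Date
        ' Exact parsing with the invariant culture: no guessing based on server locale.
        If Not Date.TryParseExact(raw, AllowedFormats, CultureInfo.InvariantCulture, _
                                  DateTimeStyles.None, parsed) Then
            Return False
        End If

        ' Business-range check: a well-formed date can still be nonsense.
        If parsed < earliest OrElse parsed > latest Then Return False

        result = parsed
        Return True
    End Function

    Public Sub Main()
        ' Constructed sample inputs, standing in for posted text box values.
        Dim samples As String() = {"4/12/2006", "2006-04-12", "02/30/2006", _
                                   "12/04/1806", "<script>", ""}
        Dim earliest As Date = New Date(2000, 1, 1)
        Dim latest As Date = New Date(2030, 12, 31)

        For Each s As String In samples
            Dim d As Date
            Dim ok As Boolean = TryReadPostedDate(s, earliest, latest, d)
            Console.WriteLine("[{0}] accepted={1}", s, ok)
        Next
    End Sub
End Module
```

In a page's postback handler the call would sit in front of any use of the posted value, with the rejected case shown to the user as a validation error rather than silently replaced.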




