Re: Getting viewstate value from readonly textbox in .NET2 (VB)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Last post! =)

On second thought, I'll just use a CompareValidator to ensure the valid
date.


"ShaneFowlkes" <shanefowlkes@xxxxxxxxxxxxxxxxx> wrote in message
news:OZGybflXGHA.4920@xxxxxxxxxxxxxxxxxxxxxxx
OK...after doing much reading (and confusion), I just decided to leave the
fields wide open. My datepicker served two purposes. 1- For convenience.
2 - Making sure the date was valid date. I'll just have to an additional
server-side edit to make sure the dates are legit. I'm still a little
disappointed in this change...but I guess it's better for security issues.

: /




"ShaneFowlkes" <shanefowlkes@xxxxxxxxxxxxxxxxx> wrote in message
news:OTV$PGkXGHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your research. I'll look into it shortly and post my results
back to this thread.

Thanks!


"Mike" <michael.lang@xxxxxxxxxxxx> wrote in message
news:1144853290.234591.326120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I found out why it was done. I take back my "terrible idea" comment.
It was to prevent security hacks. A read-only field typically should
not be changed by the user, and thus should not be needed on postback.
Of coarse, your property is not REALLY read-only from a business
perspective, you just want them to use the date-picker. Following are
some workarounds.

"Four Guys" say to use the disabled attribute, and use ASP.NET 2.0's
SubmitDisabledControls property to enable them just before postback.
They don't like the enabled attribute since it isn't on all controls.
http://aspnet.4guysfromrolla.com/articles/012506-1.aspx

"Scott" says you shouldn't read readonly fields and instead reread them
from the database. Good for some data like id's, but not good for your
date picker solution. I recommend others reading this post do not use
the other workarounds that Rick is using for id fields used on
postback. That defeats the purpose of the security fix.
http://scottonwriting.net/sowblog/posts/4965.aspx

"Rick" says to get the read-only value from a field using the request:
this.TextBox1.Text = Request[this.TextBox1.UniqueID];
west-wind.com/weblog/posts/3939.aspx
site was down for me. If it is at the time you read this, see the
google cached version:
http://72.14.203.104/search?q=cache:tiDSEaZK0lEJ:west-wind.com/weblog/posts/3939.aspx+asp.net+2.0+textbox+readonly&hl=en&gl=us&ct=clnk&cd=1

Michael Lang
XQuiSoft LLC
http://www.xquisoft.com/







.

Relevant Pages

  • Re: Getting viewstate value from readonly textbox in .NET2 (VB)
    ... OK...after doing much reading, I just decided to leave the ... My datepicker served two purposes. ... It was to prevent security hacks. ... SubmitDisabledControls property to enable them just before postback. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: OpenSSL Hacks
    ... a security protocol is worrisome and potentially harmful (to ... the purposes of the protocol). ... code problems are a sign that no adequate review (security or ... If you're going to rely on certification, ...
    (sci.crypt)
  • Re: too many firewalls?
    ... >> Oh, but it can be useful for other purposes, like blocking ... > Words like 'semi-naughty' are senseless when we talk about security. ... Even though you may trust these companies, ... Software firewalls most definitely can be useful, but are not the holy grail ...
    (comp.security.firewalls)
  • Re: Classic Log ON Prompt
    ... > COmputer set to show Classica log on Prompt when starting for security ... > purposes. ... comp starts and shows desktop. ... What is missing. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Password Fields
    ... I understand the security concerns. ... issue is there regardless of the postback, ... > restore it, I'm sure the method you are using works great. ... >> We're trying to determine how to deal with password fields losing their ...
    (microsoft.public.dotnet.framework.aspnet)