you already took care of the security issue by encrypting your query string. but if you still concerned then you can use Server.Transfer() method to go from one page to another. It works almost identical like Reponse.Redirect() method but the cool thing
is that the end-user won't see anything (i.e. your parameters/query string) in the address bar of the browser. hope this helps.
MCP, MCAD.Net
-------------
Please remember to Mark As Answer if this post answered your question!
i dont want to get iformation of my table field and value of them
Don't provide table information in the querystring. You don't have to. ID values will always appear in your app somehwere as html code ot whatever. If you do not want this information to be made public, don't put it in a web site.
vahidarr
my main qusetion is what secuirity issues shoud l attention for using querystring?
Make sure you use parameters when you use querystring values as part of your SQL so that you prevent SQL injection. Also, ensure that you validate the type and range of any querystring values, as the user might manipulate them.
vahidarr
Member
342 Points
474 Posts
securit issues about using query string
Nov 03, 2011 05:11 PM|LINK
what things should i attention to it when using querystring?because it is in adress bar of browser.i just encrypt the value of query is it enugh?
Mikesdotnett...
All-Star
154818 Points
19853 Posts
Moderator
MVP
Re: securit issues about using query string
Nov 03, 2011 05:51 PM|LINK
Why don't you want people to be able to see the value?
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
vahidarr
Member
342 Points
474 Posts
Re: securit issues about using query string
Nov 04, 2011 03:30 PM|LINK
i dont want to get iformation of my table field and value of them.my main qusetion is what secuirity issues shoud l attention for using querystring?
Bikram Saluj...
Participant
1582 Points
347 Posts
Re: securit issues about using query string
Nov 04, 2011 03:37 PM|LINK
you already took care of the security issue by encrypting your query string. but if you still concerned then you can use Server.Transfer() method to go from one page to another. It works almost identical like Reponse.Redirect() method but the cool thing is that the end-user won't see anything (i.e. your parameters/query string) in the address bar of the browser. hope this helps.
-------------
Please remember to Mark As Answer if this post answered your question!
Mikesdotnett...
All-Star
154818 Points
19853 Posts
Moderator
MVP
Re: securit issues about using query string
Nov 04, 2011 04:22 PM|LINK
Don't provide table information in the querystring. You don't have to. ID values will always appear in your app somehwere as html code ot whatever. If you do not want this information to be made public, don't put it in a web site.
Make sure you use parameters when you use querystring values as part of your SQL so that you prevent SQL injection. Also, ensure that you validate the type and range of any querystring values, as the user might manipulate them.
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
Primillo
Star
8723 Points
1677 Posts
Re: securit issues about using query string
Nov 18, 2011 07:19 PM|LINK
You can check the length too:
http://www.codeproject.com/KB/aspnet/QueryString.aspx
http://stackoverflow.com/questions/349742/how-do-you-test-your-request-querystring-variables
http://msdn.microsoft.com/en-us/library/system.web.httprequest.querystring.aspx
If you use QueryString to get the id of your table, make sure is an Integer.
Primillo
http://www.facebook.com/programandopuntonet