But one thing I still struggle with is when I want to open a page and pass
that page some information. Here are some choices I have:
1. Pass it as a query string. This works for some tasks. But for other
tasks, this is neither private nor safe from being modified by casual users.
2. Use PreviousPage. This also works for some tasks. But when the data to be
passed is not really part of the page, then this model seems to break down.
3. Set a Session variable. This is both private and secure and works well.
However, it's a little awkward to "clean up" and using this technique
regularly would result in a bunch of memory being wasted for each session
unless you had a clean way to delete those variables after they were used.
I'm just curious if others have found a better approach. I'm starting to
think about using ViewState in the previous page and then using PreviousPage
to access that ViewState. Assuming that's possible, that approach is both
private and secure as well as "self-cleaning". I'd need to think about it
some more to decide how much I like that.
Thanks.
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.comFYI - Using ViewState is neither private or secure.
The hash that Microsoft uses to code (not encrypt) the ViewState string is
well-known and there are many tools available to decode the string.
If you need a secure way of passing the data you could use the encryption
classes in .NET to encrypt the data you want to pass and then pass it using
any of the methods below.
Don't forget about the most robust solution, passing the data to a database
and then retrieving it later.
-Scott
"Jonathan Wood" <jwood@.softcircuits.com> wrote in message
news:ef5Tj30aIHA.1208@.TK2MSFTNGP03.phx.gbl...
> I'm finally getting the hang of ASP.NET.
> But one thing I still struggle with is when I want to open a page and pass
> that page some information. Here are some choices I have:
> 1. Pass it as a query string. This works for some tasks. But for other
> tasks, this is neither private nor safe from being modified by casual
> users.
> 2. Use PreviousPage. This also works for some tasks. But when the data to
> be passed is not really part of the page, then this model seems to break
> down.
> 3. Set a Session variable. This is both private and secure and works well.
> However, it's a little awkward to "clean up" and using this technique
> regularly would result in a bunch of memory being wasted for each session
> unless you had a clean way to delete those variables after they were used.
> I'm just curious if others have found a better approach. I'm starting to
> think about using ViewState in the previous page and then using
> PreviousPage to access that ViewState. Assuming that's possible, that
> approach is both private and secure as well as "self-cleaning". I'd need
> to think about it some more to decide how much I like that.
> Thanks.
> --
> Jonathan Wood
> SoftCircuits Programming
> http://www.softcircuits.com
>
Scott,
> FYI - Using ViewState is neither private or secure.
> The hash that Microsoft uses to code (not encrypt) the ViewState string is
> well-known and there are many tools available to decode the string.
Yes, good point. Is it just base64?
> If you need a secure way of passing the data you could use the encryption
> classes in .NET to encrypt the data you want to pass and then pass it
> using any of the methods below.
I'm so far relatively unfamilier with these. If there's a way to checksum
the data to prevent trying to decrypt something that the user just typed in,
that would definitely be something to explore.
> Don't forget about the most robust solution, passing the data to a
> database and then retrieving it later.
Right. But that's not really more secure than setting a Session variable, is
it?
Thanks.
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
Session is efficient and doesn't use a lot of memory if you don't store
complex objects. It's also easy to remove a session item after you are done
with it, so I cannot say I agree with your statements.
However I have successfully used compressed cookies (compressed via LZMA /
7ZIP) as an alternative to Session.
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
MetaFinder: http://www.blogmetafinder.com
"Jonathan Wood" wrote:
> I'm finally getting the hang of ASP.NET.
> But one thing I still struggle with is when I want to open a page and pass
> that page some information. Here are some choices I have:
> 1. Pass it as a query string. This works for some tasks. But for other
> tasks, this is neither private nor safe from being modified by casual user
s.
> 2. Use PreviousPage. This also works for some tasks. But when the data to
be
> passed is not really part of the page, then this model seems to break down
.
> 3. Set a Session variable. This is both private and secure and works well.
> However, it's a little awkward to "clean up" and using this technique
> regularly would result in a bunch of memory being wasted for each session
> unless you had a clean way to delete those variables after they were used.
> I'm just curious if others have found a better approach. I'm starting to
> think about using ViewState in the previous page and then using PreviousPa
ge
> to access that ViewState. Assuming that's possible, that approach is both
> private and secure as well as "self-cleaning". I'd need to think about it
> some more to decide how much I like that.
> Thanks.
> --
> Jonathan Wood
> SoftCircuits Programming
> http://www.softcircuits.com
>
It's easy to remove a session item, but with complex code, it's even easier
to have paths that fail to remove it.
I don't yet know enough to use cookies to pass information or judge how
efficient/secure it is.
Thanks.
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
"Peter Bromberg [C# MVP]" <pbromberg@.yahoo.NoSpamMaam.com> wrote in message
news:72FC1361-92CA-4D01-A8BE-129EDF5A91B8@.microsoft.com...
> Session is efficient and doesn't use a lot of memory if you don't store
> complex objects. It's also easy to remove a session item after you are
> done
> with it, so I cannot say I agree with your statements.
> However I have successfully used compressed cookies (compressed via LZMA /
> 7ZIP) as an alternative to Session.
> -- Peter
> Site: http://www.eggheadcafe.com
> UnBlog: http://petesbloggerama.blogspot.com
> MetaFinder: http://www.blogmetafinder.com
>
> "Jonathan Wood" wrote:
>
another way...maybe Context.Items
Example:
--
Dim Context As HttpContext
Context = HttpContext.Current
Context.Items.Add("miEjemplo", "UnEjemplo")
Server.Transfer("Pagina2.aspx")
another page... Pagina2.aspx
Dim Context As HttpContext
Context = HttpContext.Current
If Context.Items.Contains("miEjemplo") Then
Me.lblTest.Text = CType(Context.Items("miEjemplo").ToString,
..
Links:
--
HttpContext
http://msdn2.microsoft.com/es-es/li...ttpcontext.aspx
Passing values from a page to another by means of the Context object
http://www.devx.com/vb2themax/Tip/18847
State management with Context.Items in ASP.NET
http://www.csse.monash.edu.au/cours...2004/state.html
______________________
Jose A. Fernandez
blog: [url]http://g
s.ms/blogs/fernandezja[/url]On 9 feb, 21:40, "Jonathan Wood" <jw...@.softcircuits.com> wrote:
> It's easy to remove a session item, but with complex code, it's even easie
r
> to have paths that fail to remove it.
> I don't yet know enough to use cookies to pass information or judge how
> efficient/secure it is.
> Thanks.
> --
> Jonathan Wood
> SoftCircuits Programminghttp://www.softcircuits.com
> "Peter Bromberg [C# MVP]" <pbromb...@.yahoo.NoSpamMaam.com> wrote in messag
enews:72FC1361-92CA-4D01-A8BE-129EDF5A91B8@.microsoft.com...
>
>
>
>
>
>
>
>
>
>
>
Interesting. I'm looking into this.
Thanks.
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
"Jose A. Fernandez" <fernandezja@.gmail.com> wrote in message
news:82633f0c-809c-4387-9770-fc82ad3caf4c@.e23g2000prf.googlegroups.com...
> another way...maybe Context.Items
> Example:
> --
> Dim Context As HttpContext
> Context = HttpContext.Current
> Context.Items.Add("miEjemplo", "UnEjemplo")
> Server.Transfer("Pagina2.aspx")
> another page... Pagina2.aspx
> Dim Context As HttpContext
> Context = HttpContext.Current
> If Context.Items.Contains("miEjemplo") Then
> Me.lblTest.Text = CType(Context.Items("miEjemplo").ToString,
> ...
> Links:
> --
> HttpContext
> http://msdn2.microsoft.com/es-es/li...ttpcontext.aspx
> Passing values from a page to another by means of the Context object
> http://www.devx.com/vb2themax/Tip/18847
> State management with Context.Items in ASP.NET
> http://www.csse.monash.edu.au/cours...2004/state.html
>
> ______________________
> Jose A. Fernandez
> blog: [url]http://g
s.ms/blogs/fernandezja[/url]>
>
> On 9 feb, 21:40, "Jonathan Wood" <jw...@.softcircuits.com> wrote:
>
0 comments:
Post a Comment