DEVHIDE
Login Or Sign up

Is it possible to fake the query-string on postback?

151 Views Asked by At

I have ASP.NET page which has a security-sensitive query string. In order to verify it I perform quite heavy calculations in Page_Load. That page has a button and OnClick handler.

Do I still need to verify the query string again if IsPostBack is true?

c# asp.net postback
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

Yes. In fact almost everything is subject to forgery.

The query string can easily be changed, from the browser itself, the source code, man-in-the-middle attacks, etc.

It is even better to avoid putting sensitive data in the query string, try to use POST as much as possible. (A GET is allowed to be send cross-domain, while POST isn't)

Related Questions in C#

Related Questions in ASP.NET

Related Questions in POSTBACK

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.