Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3693
  • Last Modified:

ASP.Net - Hack viewstate and postback

I'm sure we can see what is inside view state in client site.

But could hacker alter the data stored in view state and post back to server?

For example, I store ID in view state and display information regarding that ID. Then user (hacker) changes ID to some ID and post back to server.

If so, could I please get some solid examples about how to prevent them? Thank you so much for help!!!
0
winmyan
Asked:
winmyan
  • 2
1 Solution
 
tillgeffkenCommented:
Viewstate is hashed but breakable. Use viewstate encryption as described in http://msdn.microsoft.com/en-us/library/aa479501.aspx
0
 
winmyanAuthor Commented:
Hi tillgeffken,

Thank you for your quick response.

<configuration>
   <system.web>
      <pages ViewStateEncryptionMode="Always" />
   </system.web>
</configuration>

Just by doing that view state in all aspx pages will be encrypted. Mainly, no hacker can alter the view state?
0
 
tillgeffkenCommented:
That's correct. At least it will make it very difficult, nothing is impossible. However this is not the right approach to hide data from users. Your website's security should make sure that content is only served to authorized users but that's a totally different story.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now