Querystring

  • Thread starter: Guest
Hi
I am using Querystring to send some Parameters from Page A to Page B.

How do I ensure in page B that my Querystring is not ALTERED by somebody?

Thanks
vinay
 
Hi Vinay,

The only way to really do this is to store them in a Session. Even if you
would write them to a hidden field a person could change them and resubmit
your form. Another way you could do it without session is to store them in
a database and then set the hidden field to the ID you need to retrieve
them. Someone could still mess around with that but at least they wouldn't
know what exactly they are doing...until they see the results. Oh, you
could store them in ViewState too I believe which is encoded, that could be
an option. Good luck! Ken.
 
Without having to change this one VB.NET Web Application that I'm modifying,
I added the following code at the first line in the Page_Load()

If Context.Request.ServerVariables("HTTP_REFERER") = "" Then
    Response.Redirect("unauthorized.aspx")
End If

When you come from an aspx, asp, etc.. page (including a postback), the
HTTP_REFERER contains the page you're coming from (as well as the server
name).

If the user cuts and pastes the following URL and pastes it into the URL of
their browser:

http://www.server.com/somepage.aspx?v1=one&v2=two

HTTP_REFERER will then contain nothing because the user is coming from a
browser and not being redirected from a page on your www.server.com server.

One note though...
This will only deter regular people from messing with the URL from a
browser.
Programmers can just write a program to fill in the HTTP_REFERER or some
other similar method to fill in the HTTP_REFERER.

Another thing to do is to use a POST instead of a GET method.
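
Added example, not part of any post in this thread: one way for Page B to detect an altered query string without server-side storage is to have Page A append an HMAC of the parameters, which Page B recomputes and compares. This swaps in a technique the posters did not mention; the module name, the `sig` parameter name and the key are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Collections.Specialized
Imports System.Security.Cryptography
Imports System.Text
Module SignedQueryString ' hypothetical name, not from the thread
    ' Constructed demo key (assumption): load a random secret from server-side config instead.
    Private ReadOnly Key As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key")
    ' Canonical form (names sorted and escaped, "sig" excluded) so both pages MAC identical bytes.
    Private Function Canonical(q As NameValueCollection) As String
        Dim names As New List(Of String)()
        For Each n As String In q.AllKeys
            If n IsNot Nothing AndAlso n <> "sig" Then names.Add(n)
        Next
        names.Sort(StringComparer.Ordinal)
        For i As Integer = 0 To names.Count - 1
            names(i) = Uri.EscapeDataString(names(i)) & "=" & Uri.EscapeDataString(If(q(names(i)), ""))
        Next
        Return String.Join("&", names.ToArray())
    End Function
    Private Function MacHex(canon As String) As String
        Using h As New HMACSHA256(Key)
            Return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(canon))).Replace("-", "")
        End Using
    End Function
    ' Page A: query string to append after "?" when linking to Page B.
    Public Function Sign(q As NameValueCollection) As String
        Return Canonical(q) & "&sig=" & MacHex(Canonical(q))
    End Function
    ' Page B: pass Request.QueryString; False means altered or unsigned.
    Public Function Verify(q As NameValueCollection) As Boolean
        Dim given As String = If(q("sig"), "")
        Dim expected As String = MacHex(Canonical(q))
        If given.Length <> expected.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (AscW(given(i)) Xor AscW(expected(i))) ' compare without early exit
        Next
        Return diff = 0
    End Function
    Sub Main() ' constructed sample using the v1/v2 parameters from the thread's URL
        Dim q As New NameValueCollection()
        q.Add("v1", "one") : q.Add("v2", "two")
        Console.WriteLine(Sign(q))
        q.Add("sig", MacHex(Canonical(q)))
        Console.WriteLine(Verify(q)) ' query exactly as signed
        q("v2") = "three" : Console.WriteLine(Verify(q)) ' v2 altered after signing
    End Sub
End Module
```

A valid signed URL can still be copied and reused unchanged, so include a user identifier or an expiry time among the signed parameters if that matters.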
 