How to prevent displaying ID= in my URL querystring?
-
Any thoughts on how to prevent displaying querystring value information, e.g. abc.aspx?userid=103? If someone wants, they can type userid=101 or 102 in the URL to display information for the other records. I've heard folks use GUIDs when passing IDs in URLs. Seeing a large value like 889EA536-0B32-3345-B124-F44141C50CB7 would make it complicated to guess the next record. My guess is they'd use an INT as the PK, but meanwhile have a GUID column for each user record? Thoughts on that practice? Thanks
-
http://www.4guysfromrolla.com/webtech/012000-1.shtml
I didn't get any requirements for the signature
-
If you don't want people to see your querystring, then save it to the database and use some ID, preferably a GUID. Then, based on the ID, you read the querystring value. Another technique is to host your application in an iframe; that way only the top-level URL which houses the iframe will be visible, and the user cannot see the full URL + querystring.
Yusuf
Oh didn't you notice, analogous to square roots, they recently introduced rectangular, circular, and diamond roots to determine the size of the corresponding shapes when given the area. Luc Pattyn
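Added example, not part of the thread: the INT primary key plus GUID column layout asked about above, with the lookup also checking that the record belongs to the logged-in user, because a GUID copied from a shared link or browser history still resolves. `UserRecord`, the in-memory table and `FindForViewer` are hypothetical names, and `viewerId` is assumed to come from the authenticated session.

```vbnet
Imports System
Imports System.Collections.Generic

Module PublicIdLookup
    ' Constructed stand-in for a Users table: INT primary key plus a GUID column.
    Public Class UserRecord
        Public Id As Integer        ' internal PK, never placed in a URL
        Public PublicId As Guid     ' value exposed in the query string
        Public Name As String
    End Class

    Private ReadOnly Users As New Dictionary(Of Guid, UserRecord)()

    Function AddUser(internalId As Integer, name As String) As UserRecord
        Dim rec As New UserRecord With {.Id = internalId, .PublicId = Guid.NewGuid(), .Name = name}
        Users(rec.PublicId) = rec
        Return rec
    End Function

    ' viewerId is taken from the authenticated session, never from the request.
    ' Malformed, unknown and not-owned ids all return Nothing, so the response
    ' does not reveal which GUIDs exist.
    Function FindForViewer(rawPublicId As String, viewerId As Integer) As UserRecord
        Dim publicId As Guid
        If Not Guid.TryParse(rawPublicId, publicId) Then Return Nothing
        Dim rec As UserRecord = Nothing
        If Not Users.TryGetValue(publicId, rec) Then Return Nothing
        If rec.Id <> viewerId Then Return Nothing   ' ownership check
        Return rec
    End Function

    Sub Main()
        Dim alice As UserRecord = AddUser(101, "alice")   ' constructed sample rows
        Dim bob As UserRecord = AddUser(103, "bob")
        Dim bobUrlValue As String = bob.PublicId.ToString()

        ' Bob opens his own link
        Console.WriteLine(FindForViewer(bobUrlValue, bob.Id) IsNot Nothing)
        ' Alice opens a link that was issued to Bob
        Console.WriteLine(FindForViewer(bobUrlValue, alice.Id) IsNot Nothing)
        ' Someone types the old integer id into the URL
        Console.WriteLine(FindForViewer("101", alice.Id) IsNot Nothing)
    End Sub
End Module
```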
-
Since you are dealing with only an integer, you could store it in the Session on the source page and then do a response.redirect to the new page and read the session value.

SourcePage:

    Protected Sub TransferButton_Click(ByVal sender As Object, ByVal e As EventArgs) Handles TransferButton.Click
        ' Keep the id server-side instead of putting it in the query string
        Session("MyId") = MyID
        Response.Redirect("TargetPage.aspx")
    End Sub

TargetPage.aspx:

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim MyID As Integer = 0
        If Me.IsPostBack = False Then
            MyID = CInt(Session("MyId"))
            Session("MyId") = Nothing 'Clear value from session after retrieving
        End If
    End Sub
- Robert Beaubien - Kool Software LLC - Try the New Warp10 Code Generator and Framework at https://www.warp-10.com -
-
You have many options:
1. Not use query string, use post method and retrieve value on next form using previouspage object
2. Use encrypted values in querystring, there are hundreds of different algorithms
3. Use Session object
4. Use Profile
5. Use Application Object too.
6. Use Encrypted Cookies
7. If you want to slow down a little bit use database
8. Also you can use file handling to write value to text or xml file
From Gaurav Mahajan Website Developer Amritsar Website: sushilindia.com
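Added example, not part of the thread: one form of option 2 above that uses a keyed hash (HMAC-SHA256) instead of encryption, so the id stays readable but a hand-edited `userid` value no longer verifies. `Protect`, `TryUnprotect` and the demo secret are hypothetical, and the user name is assumed to come from the authenticated session.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Module SignedQueryValue
    ' Constructed demo secret; a real site keeps a random key in protected configuration.
    Private ReadOnly Secret As Byte() = Encoding.UTF8.GetBytes("constructed-demo-secret")

    ' Hex HMAC over "user|id". Including the logged-in user name means a value
    ' issued to one account does not verify when another account submits it.
    Private Function Tag(userName As String, id As Integer) As String
        Using h As New HMACSHA256(Secret)
            Dim mac As Byte() = h.ComputeHash(Encoding.UTF8.GetBytes(userName & "|" & id.ToString()))
            Return BitConverter.ToString(mac).Replace("-", "")
        End Using
    End Function

    ' Builds the value for abc.aspx?userid=<id>.<tag>
    Function Protect(userName As String, id As Integer) As String
        Return id.ToString() & "." & Tag(userName, id)
    End Function

    ' Returns True and sets id only when the tag matches for this user.
    Function TryUnprotect(userName As String, value As String, ByRef id As Integer) As Boolean
        id = 0
        If value Is Nothing Then Return False
        Dim parts As String() = value.Split("."c)
        Dim parsed As Integer
        If parts.Length <> 2 OrElse Not Integer.TryParse(parts(0), parsed) Then Return False
        If Not SameText(Tag(userName, parsed), parts(1).ToUpperInvariant()) Then Return False
        id = parsed
        Return True
    End Function

    ' Comparison whose running time does not depend on where the strings differ.
    Private Function SameText(a As String, b As String) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    Sub Main()
        Dim link As String = Protect("bob", 103)   ' constructed sample user and id
        Dim id As Integer
        Console.WriteLine(TryUnprotect("bob", link, id))                       ' value as issued
        Console.WriteLine(TryUnprotect("bob", "101" & link.Substring(3), id))  ' id edited by hand
        Console.WriteLine(TryUnprotect("alice", link, id))                     ' submitted by another account
    End Sub
End Module
```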
-
I'll suggest using session objects, it's the easiest way. Oh, and if you didn't know, you can place any type of object into a session variable; you'll just have to convert it back to the type of object you want when you use it. And another plus: its value can be used on any page.
-
"oh and if you didn't know , you can place any type of object into a session variable you'll just have to convert it back to the type of object you want when you use it, and another plus , its value can be used on any page." True, but large objects will require more memory in the webserver and will limit scalability of the website.
- Robert Beaubien - Kool Software LLC - Try the New Warp10 Code Generator and Framework at https://www.warp-10.com -