securing querystring
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
suhaib1982 wrote:
want to prevent user from making changes to querystring coz i pass some parameters
You can never have any control over what user will have in their query string. User can anytime modify querystring and sent a http get request. Only thing you can try to get your needed portion to work on. You can try basic form submission using post method in case you want to secure sumiiting data in login page.
Thanks, Arindam D Tewary
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
you can use encryption techniques to encrypt your query string values before passing. so that user can never get the idea about it.
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
You'll have to not use a querystring if you don't want the querystring to be edited (which it always can). The easiest is to use the Session object to store your value temporarily.
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
Passing data values between Web pages has many applications, including maintaining personal user information. Legacy Web solutions, like using the querystring and cookies, allows you to pass and maintain values, and you can easily direct one page to another when submitted. ASP.NET 1.1 supported these solutions as well as additional ones, but ASP.NET 2.0 addresses the issue head on by supporting cross page postbacks. This makes it easy for one Web page to process data from another. Take advantage of this new concept when you're working on your next ASP.NET 2.0 application. Please check this link :Cross-Page Posting in ASP.NET Web Pages
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
:laugh: IF u wanna to transfer data from one page to another page usually we used to go for query string. here what method we using to transfer data is the thing.. we can transfer data in two ways Response.Redirect("page1.aspx"?z);-----this method does not have masking(means hide the data on the address bar) or Server.Transfer("page1.aspx"?z);------this has masking(means hide the data on the address bar)
-
hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks
Why not using a post method for sending the parameters.. Also, you can use session variable, or a cookie so that a common user wont be able to modify such details as such.. - jaypatel512