Re: Is Server.Transfer secure?
From: tim almond (vv_at_iijjhh)
Date: 08/26/03
- In reply to: Chris Jackson: "Re: Is Server.Transfer secure?"
Date: Tue, 26 Aug 2003 20:29:52 +0100
Chris Jackson wrote:
> It is like an internal pass - the client isn't aware of it. If the client
> gets between the two pages, then you have to validate your data. If it's
> already validated, then you can continue to trust it.
>
Hmmmm...
now I'm really puzzled ;)

Can I explain my situation...

The situation I have is a page with a datagrid which has a list of cases
based on the user ID of the user who is logged in. When the user selects
one of the cases, I need to pass the case # to the 'update case' page.
But what I don't want is someone to be able to form an HTTP request and
change the 'case number' to someone else's number.

First thought was to do what I used to do in ASP, and just validate
anything passed each time to ensure that it was valid for the user who
was logged in.

I suppose I could use a session variable to pass it, but was looking for
something a little cleaner.

Does this make sense, and am I stuck with re-validating?
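
The per-request ownership check described in the message above, as an added example that is not part of the original post or thread. It is a framework-free C# sketch: `CaseAccess`, `TryAuthorize` and the in-memory case table are hypothetical names, and the table stands in for the real case database.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names; the in-memory table stands in for the real case database.
static class CaseAccess
{
    // Constructed sample data: case number -> owning user ID.
    static readonly Dictionary<int, string> CaseOwner = new Dictionary<int, string>
    {
        { 1001, "alice" }, { 1002, "alice" }, { 2001, "bob" },
    };

    // Run at the top of the 'update case' page on every request, postbacks included.
    // loggedInUserId must come from the authenticated session, never from the request.
    public static bool TryAuthorize(string loggedInUserId, string rawCaseNumber, out int caseNumber)
    {
        caseNumber = 0;
        int parsed;
        if (!int.TryParse(rawCaseNumber, out parsed))
            return false;                       // malformed input
        string owner;
        if (!CaseOwner.TryGetValue(parsed, out owner))
            return false;                       // no such case
        if (!string.Equals(owner, loggedInUserId, StringComparison.Ordinal))
            return false;                       // case exists but belongs to someone else
        caseNumber = parsed;
        return true;
    }

    static void Main()
    {
        // Constructed requests: (logged-in user, case number as received).
        string[][] requests =
        {
            new[] { "alice", "1001" },   // own case, picked from the grid
            new[] { "alice", "2001" },   // case number changed to bob's
            new[] { "alice", "9999" },   // nonexistent case
            new[] { "alice", "1001x" },  // not a number
        };
        foreach (string[] r in requests)
        {
            int id;
            bool ok = TryAuthorize(r[0], r[1], out id);
            // One answer for every failure, so the response does not reveal which cases exist.
            Console.WriteLine("{0} -> case {1}: {2}", r[0], r[1], ok ? "allowed" : "denied");
        }
    }
}
```

Only the first constructed request is allowed; the other three are denied with the same response.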