Friday May 6th

Thursday May 5th

ASP.NET Encoding QueryString Data to Limit Tampering

We've all been there. We develop a web application that uses the querystring to pass data from a master list page to a detail page. Usually just the ID is passed (just a good programming technique) and you even check and double check the value and type of data so that only the user who is supposed to see it, sees it. But the temptation to change the id for the user is too great and nobody ever likes seeing any type of identifier in the querystring. The solution I've developed simply encodes the querystring name/value pairs so that it is unreadable but can be retrieved and created with relative ease.


Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading DotNetKicks...
brought to you by the Kicks Network