Hopefully this isn't a redundant question--I'm not really sure how to word it. Let's say I have a list of items on an ASP.net page. That list is selectable in that whenever the user clicks on one, the page does a postback and the server code stores the index or some unique identifier of the picture in a ViewState property indicating that it is currently selected.
希望这不是一个多余的问题 - 我不确定如何说出来。假设我在ASP.net页面上有一个项目列表。该列表是可选择的,因为每当用户点击一个页面时,页面都会进行回发,并且服务器代码将图片的索引或某些唯一标识符存储在ViewState属性中,表明它当前已被选中。
I would like to minimize the load on the server and therefore I would like to store the index or unique identifier representing the image in some way on the client side. The best way I can think to do this is to store said information in a hidden field ), however I had two questions about this before I go crazy:
我想最小化服务器上的负载,因此我想在客户端以某种方式存储表示图像的索引或唯一标识符。我能想到的最好的方法是将所述信息存储在一个隐藏的领域中,但是在我疯狂之前我有两个问题:
-
Is this a security risk in any way, shape or form (i.e., exposing implementation details of the page)?
这是一种安全风险,无论是形式还是形式(即暴露页面的实施细节)?
-
Is there a better/best way to do this that is more industry-standard? Does ASP.net provide a framework to do this that is cleaner than my idea? Seems like this would be a fairly common requirement to me...
是否有更好/最好的方法来实现更符合行业标准的方法? ASP.net是否提供了一个比我的想法更清晰的框架?对我来说这似乎是一个相当普遍的要求......
I have been working in ASP.net for about two years now. Please, be kind :-)
我已经在ASP.net工作了大约两年了。请善待:-)
Best, Patrick Kozub
最好的,Patrick Kozub
1 个解决方案
#1
1
-
The only security risk would be if some list items must remain non-selectable. It sounds like that is not the case in your situation. The user already knows the information, because he or she already selected the item.
唯一的安全风险是,如果某些列表项必须保持不可选。在你的情况下听起来并非如此。用户已经知道该信息,因为他或她已经选择了该项目。
NOTE: If the server ever does anything with that information and pulls it back from the user, then you must validate the index value. Otherwise, the user could change it to an invalid index, such as (-2), and trigger an exception.
注意:如果服务器对该信息执行任何操作并将其从用户拉回,则必须验证索引值。否则,用户可以将其更改为无效索引,例如(-2),并触发异常。
-
You can store the index (or related value) in a global javascript variable. If you're avoiding a trip back to the server, .NET doesn't really have a role to play.
您可以将索引(或相关值)存储在全局javascript变量中。如果你不想回到服务器,那么.NET就没有真正的角色了。
#1
1
-
The only security risk would be if some list items must remain non-selectable. It sounds like that is not the case in your situation. The user already knows the information, because he or she already selected the item.
唯一的安全风险是,如果某些列表项必须保持不可选。在你的情况下听起来并非如此。用户已经知道该信息,因为他或她已经选择了该项目。
NOTE: If the server ever does anything with that information and pulls it back from the user, then you must validate the index value. Otherwise, the user could change it to an invalid index, such as (-2), and trigger an exception.
注意:如果服务器对该信息执行任何操作并将其从用户拉回,则必须验证索引值。否则,用户可以将其更改为无效索引,例如(-2),并触发异常。
-
You can store the index (or related value) in a global javascript variable. If you're avoiding a trip back to the server, .NET doesn't really have a role to play.
您可以将索引(或相关值)存储在全局javascript变量中。如果你不想回到服务器,那么.NET就没有真正的角色了。