This is a discussion on "Viewstate" within the ASP.NET Forum section. This forum, and the thread "Viewstate are both part of the Program Your Website category.
|
|
|
|
|
 |
||
Viewstate
|
||
| Notices |
 |
|
|
LinkBack | Thread Tools |
|
#1
Oct 7th, 2003, 10:07
|
|||
|
|||
|
Viewstate
How crackable/decryptable is the "__VIEWSTATE"?
u2o        |
|
|
|
#2
Oct 7th, 2003, 15:42
|
|||
|
|||
|
Answer to my own question..!
The "__VIEWSTATE" can be decrypted client side but this will require the use of Microsofts special class "LosFormatter". This class crypt's and decrypt's the content of Page and controls viewstate. u2o |
|
#3
Oct 8th, 2003, 11:49
|
|||
|
|||
|
what are the advantages of cracking the viewstate?
|
|
#4
Oct 8th, 2003, 12:22
|
|||
|
|||
|
I was messing the other day with an asp label with it's visible property set to 'false' and it's text value set to '1'.
This data was obviously stored in the viewstate and thought there is a possibility of storing data there, which would be *reasonably* safe. I am just experimenting with this and don't have any plans as of yet to implement any systems without further investigation. What I cannot understand is that, since the code for the label (which if I remember correctly is rendered as a <span> tag) was not in the source, how can it be put in the viewstate? There is the possibility that I may have read my source incorrectly. u2o |
|
| Tags |
| viewstate |
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ASP.NET Control ViewState | Basheer | ASP.NET Forum | 2 | Apr 14th, 2007 10:25 |
