Reputation: 135
Hello guys, I was wondering if it's safe to use a hidden GridView in ASP.NET. For example, on the login page, use something like this for logging in? The SQL command that fills this grid is located inside the ASP.NET SQL control and is connected to this GridView.
    For x = 0 To workerGrid.Rows.Count - 1
        If workerGrid.Rows.Item(x).Cells(6).Text = userBox.Text And
           workerGrid.Rows.Item(x).Cells(7).Text = passwordInput.Text And
           workerGrid.Rows.Item(x).Cells(10).Text = companyIdBox.Text And
           workerGrid.Rows.Item(x).Cells(8).Text = "Active" Then
            y = True
            Exit For
        End If
    Next
Upvotes: 0
Views: 94
Reputation: 721
First of all, you have chosen a completely wrong solution for user authentication. I recommend you change GridView with SqlDataSource to SqlDataReader if you are not using any ORM framework in your application.
Regarding your question, even if you hide GridView via Visible=false it still saves data in VIEWSTATE on page. The VIEWSTATE is a security risk if it is not encrypted (anyone could see or modify the values from it and POST them to your page). You should secure VIEWSTATE to avoid fake login. Click here for details.
Upvotes: 1
Reputation: 76434
You should check whether the content is generated into the HTML. If so, then it is extremely unsafe; professional programmers will be able to steal everything. Also, why don't you simply use a database? Also, why don't you obfuscate your password?
Finally, you should separate your backend logic from UI. User login should never have anything to do with UI controls.
Upvotes: 1