|
| View source in IE security issue |
 |
Wed, 2 Apr 2008 15:47:21 +0000 |
I am dynamically creating a gridview at runtime with dropdownlists, textboxes
and a command column. Now when I go to view the source in IE I can view all the
values and options in a dropdown or any field. Is there a method to hide
information like this? Example: all the values are shown which is bad.
</select></td><td><input
id="Grid_ctl02_FieldAllowLoginEditCHK" type="checkbox"
name="Grid$ctl02$FieldAllowLoginEditCHK" checked="checked"
/></td><td><select name="Grid$ctl02$ctl01"
style="width:200px;">
<option value="2000">Stuff1</option>
<option value="2176">Stuff2</option>
<option value="2177">Stuff3</option>
<option value="2178">Stuff4</option>
<option value="2179">Stuff5</option>
</option>
|
| Post Reply
|
| Re: View source in IE security issue |
 |
Wed, 2 Apr 2008 16:24:44 +0000 |
First of all, any information that is sent to the client browser can be viewed
by an experienced web developer. So having said that, no you can't hide the
values in a dropdown. You should instead never provide sensitive information to
the client. In your particular case I would look at it this way, if I don't want
to show the client what the value for Stuff1 is, then I would change the value
to Stuff1 and when I consume the value of that dropdown, convert Stuff1 to 2000,
Stuff2 to 2176, etc. Do this portion in your server-side code so that it is
hidden from the client. Hope this helps.
|
| Post Reply
|
| Re: View source in IE security issue |
 |
Wed, 2 Apr 2008 17:11:57 +0000 |
Ok I understand in theory but how could i implement?
|
| Post Reply
|
| Re: View source in IE security issue |
 |
Wed, 2 Apr 2008 18:24:05 +0000 |
Well, I don't really know the purpose of your drop-down but I will see if I can
give you some direction. (hopefully you're not using C#)
Lets say that this drop-down controls some action in your code-behind, possibly
something like this:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
Handles Me.Load
Dim idNum as integer
Select Case dropDown1.selectedValue
Case"Stuff1"
idNum = 2000
Case"Stuff2"
idNum = 2176
Case"Stuff3"
idNum = 2177
Case"Stuff4"
idNum = 2177
Case"Stuff5"
idNum = 2179
End Select
datasource1.SelectCommand = "SELECT * FROM table1 where id = "
& idNum
End Sub
In that example, the choice that is made in the drop-down(dropDown1) is used to
control a query.
If this doesn't help you, you may want to post some more of your code, and
explain the purpose of this drop-down.
|
| Post Reply
|
| Re: View source in IE security issue |
 |
Wed, 2 Apr 2008 18:37:13 +0000 |
Ok something like that would work, but its all hardcoded and i don't have the
time to dynamically do this. I think its best to just remove the value column
and grab the ID with a select in the SQL. What do you think?
|
| Post Reply
|
|
|
|
|
|
|
|
|
|