Web security, are there issues with hidden fields (no sensitive data)?

Question

I was having a discussion with coworkers. We have to implement some security standards. We know not to store \'sensitive, addresses, date of birth\' information in hidden

Answer 1

As other people have mentioned both the query string and hidden fields are essentially public data, viewable by the user.

One thing to keep in mind if you place data on the querystring is that people pass urls around, and because of this should never contain any information specific to the current user.

It is also probably a good idea not to include state information in the url, if that state can not be entered directly. Or at least you would need to handle invalid state information in the querystring.