If ViewStateMAC is enabled in an ASP.NET application, can a user modify what is in ViewState and successfully pass it back to the server?
I have an application (that
If ViewStateMAC is enabled the attacker would need to be able to crack the "machine key" in order to alter the ViewState, so it should be reasonably secure if this value is kept private.
Is the value set in the code behind (e.g. ViewState["OrderBy"]) rather than via a control? If so this will not be subject to Event Validation.
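A simplified model of the integrity check described in the answer above, as an added example that is not part of the original answer and not ASP.NET's own code. The SignedState class, its blob layout (payload followed by an HMAC-SHA256 tag) and the OrderBy=Name value are assumptions for illustration; the random key stands in for the machine key.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a MAC-protected state blob. This is NOT the real
// ViewState wire format; it only illustrates the integrity check.
static class SignedState
{
    const int MacLen = 32; // HMAC-SHA256 tag size in bytes

    // Returns base64(payload || HMAC(key, payload)).
    public static string Protect(string state, byte[] key)
    {
        byte[] payload = Encoding.UTF8.GetBytes(state);
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(payload.Concat(hmac.ComputeHash(payload)).ToArray());
    }

    // Returns the state only if the MAC verifies; otherwise null.
    public static string Unprotect(string blob, byte[] key)
    {
        byte[] raw = Convert.FromBase64String(blob);
        if (raw.Length < MacLen) return null;
        byte[] payload = raw.Take(raw.Length - MacLen).ToArray();
        byte[] sent = raw.Skip(raw.Length - MacLen).ToArray();
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(payload);
            int diff = 0; // accumulate differences so timing does not leak the mismatch position
            for (int i = 0; i < MacLen; i++) diff |= expected[i] ^ sent[i];
            return diff == 0 ? Encoding.UTF8.GetString(payload) : null;
        }
    }
}

static class Program
{
    static void Main()
    {
        byte[] key = new byte[64]; // constructed key, stands in for the machine key
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string blob = SignedState.Protect("OrderBy=Name", key);
        Console.WriteLine(SignedState.Unprotect(blob, key) ?? "rejected"); // untouched blob
        // A client edits the payload but cannot recompute the tag without the key.
        byte[] raw = Convert.FromBase64String(blob);
        raw[8] ^= 0x01; // flip one bit inside the payload bytes
        Console.WriteLine(SignedState.Unprotect(Convert.ToBase64String(raw), key) ?? "rejected");
    }
}
```

The check only holds while the key stays private: anyone who obtains it can call Protect on a payload of their choosing and the server-side verification will accept it.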