Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > ViewStateMac Errors

Reply
Thread Tools

ViewStateMac Errors

 
 
JimF
Guest
Posts: n/a
 
      01-02-2008
We have an application that is persisting ViewState to a SQL database and
thus all of our pages only have a GUID for the view state hidden field. We
are also getting ViewStateMac errors under certain conditions, like using the
Back button, which we seem to not have control over.

1. A user can not do ViewState injection since WE are storing the viewstate
server side. (At best, they could only replace the GUID with a different one
and the odds of them finding an unexpired GUID is worse than winning the
lottery...)
2. My understanding of ViewStateMac is that it is a Digest of the ViewState,
plus some secret key stuff.

So, (finally), my question is, from a security standpoint, how necessary is
it to use ViewStateMac when the content of the ViewState is not going back to
the user?

Thanks in advance.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VB.Net- 0 Build Errors, but I am prompted that there were build errors? Lance Wynn ASP .Net 1 02-03-2008 12:20 AM
Out-of-memory errors and caching errors. George1776 ASP .Net 2 09-14-2006 03:34 PM
Obsolete Errors and Deprecated Errors using Dotnet Framework 2.0 SenthilVel ASP .Net 0 06-07-2006 11:48 AM
Internet Explorer causing errors/ slow internet speed and Outlook express errors Jeanne Medley Computer Support 2 02-11-2004 11:44 PM
Errors, errors, errors Mark Goldin ASP .Net 2 01-17-2004 08:05 PM



Advertisments