Additional measures
The measures in this section won't have a dramatic effect, especially if you use dynamic file compression. However, they don't take much time, so may still be worthwhile.
Event validation
If you take a page with input elements and look at its page source, you will probably come across a hidden form field called __EVENTVALIDATION
.
This is part of a security feature that was introduced in ASP.NET 2.0. It records all input elements in that hidden form field. This way, after a postback, the page can check whether all incoming data was generated by known input elements. That makes it a bit harder for malicious users to confuse your application with bogus data.
Note
For more information, visit http://www.gdssecurity.com/l/b/2009/03/19/when-aspnet-eventvalidation-doesnt-work/ ...
Get ASP.NET Site Performance Secrets now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.