Additional measures

The measures in this section won't have a dramatic effect, especially if you use dynamic file compression. However, they don't take much time, so may still be worthwhile.

Event validation

If you take a page with input elements and look at its page source, you will probably come across a hidden form field called __EVENTVALIDATION.

This is part of a security feature that was introduced in ASP.NET 2.0. It records all input elements in that hidden form field. This way, after a postback, the page can check whether all incoming data was generated by known input elements. That makes it a bit harder for malicious users to confuse your application with bogus data.

Note

For more information, visit http://www.gdssecurity.com/l/b/2009/03/19/when-aspnet-eventvalidation-doesnt-work/ ...

Get ASP.NET Site Performance Secrets now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Site Performance Secrets by Matt Perdeck

Additional measures

Event validation

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly