Beginning ASP.NET Security by Barry Dorrans

Chapter 4. Using Query Strings, Form Fields, Events, and Browser Information

Input arrives in your Web application from various sources. Chapter 3 discussed how you should treat input, how input should be considered untrustworthy by default, how you can validate it, and how you can output it safely. This chapter introduces some of the ways input can arrive, the vulnerabilities each of these vectors is susceptible to, and how you can mitigate them.

In this chapter, you will learn about the following:

  • How to pass input via query strings

  • How to use hidden form fields

  • How forms can be hijacked

  • How the ASP.NET event model works

  • How to avoid common mistakes with browser information

USING THE RIGHT INPUT TYPE

HTTP allows input into your application in the following four ways:

  • The query string

  • Form fields

  • HTTP headers

  • Cookies

The base class for ASP.NET pages, Page, contains a property, Request, of type HttpRequest. When your Page class is created by ASP.NET, you have access to the Request property. It is initialized and contains the various inputs sent as part of the page request, as well as other information provided by the ASP.NET runtime (such as the identity of the user, whether the page has been requested over SSL, and so on). The Page class also contains a Response property that allows you to manipulate the response being sent when your page has finished processing.
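The four input sources read through the Request property, each validated before use and encoded before it is written back through Response. This is an added example, not code from the book. The class name, the parameter, field and cookie names, the allowed theme values and the 500-character limit are assumptions, and the class is assumed to be referenced from an .aspx page through its Inherits attribute.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical page class; "id", "comment" and "theme" are illustrative names.
public class InputSourcesPage : Page
{
    // Constructed allow-list for the cookie value.
    private static readonly string[] AllowedThemes = { "light", "dark" };

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // 1. Query string: arrives as a string (or null), so parse and range-check it.
        int productId;
        bool idOk = int.TryParse(Request.QueryString["id"], out productId) && productId > 0;

        // 2. Form field: null on a GET; the client controls its length and content.
        string comment = Request.Form["comment"] ?? string.Empty;
        bool commentOk = comment.Length <= 500; // assumed limit

        // 3. HTTP header: set by the client, so treat it as a hint only.
        string userAgent = Request.Headers["User-Agent"] ?? string.Empty;

        // 4. Cookie: stored on the client and editable there; accept only known values.
        HttpCookie themeCookie = Request.Cookies["theme"];
        string theme = themeCookie != null
            && Array.IndexOf(AllowedThemes, themeCookie.Value) >= 0
            ? themeCookie.Value : "light";

        if (!idOk || !commentOk)
        {
            Response.StatusCode = 400;
            Response.Write("Invalid input.");
            return;
        }

        // Information the ASP.NET runtime attaches to the request.
        bool overSsl = Request.IsSecureConnection;
        string user = Request.IsAuthenticated ? User.Identity.Name : "(anonymous)";

        // Encode every request-derived string before it reaches the response.
        Response.Write("Product " + productId + ", theme " + theme + "<br />");
        Response.Write("Comment: " + HttpUtility.HtmlEncode(comment) + "<br />");
        Response.Write("Browser: " + HttpUtility.HtmlEncode(userAgent) + "<br />");
        Response.Write("User: " + HttpUtility.HtmlEncode(user) + ", SSL: " + overSsl);
    }
}
```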

QUERY STRINGS

A query string is the part of a URL that contains data to be passed to a Web application as part of a request. ...
