Avoid storing sensitive data in view state

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Avoid storing sensitive data in view state. View state is not designed for storage of sensitive data, and protecting the data with encryption adds to performance overhead. If you need to manage sensitive data, maintain it on the server; for example, in session state.

If your view state does contain sensitive data, you should consider protecting it against eavesdropping.

References

Personal tools