asp.net - Which One is More Secure between Response.Redirect or Server.Transfer on the same server -


i have been reading these 2 functions , considering pick 1 more secure. want use server.transfer because executes @ server side in sense. better use?

server.transfer("myurl.aspx?id=1");

or

response.redirect("myurl.aspx?id=2");

update:

my question based on client side data security comes previous page rather url change.

tl;dr: neither server.transfer or response.redirect offers security advantages on other. recommend not using server.transfer @ all, anti-pattern of modern http/web resource base paradigms, further explanation on below. use response.redirect , focus on authorization/identity security concerns.

neither offers more security other. server/endpoint still allows http/https requests, request can sent server malicious client.

you should prefer response.redirect on server.transfer. server.transfer asp.net web forms "code smell". asp.net web forms has never respected http, restful, stateless, resource request web paradigms, the web built on, obviously.

server.transfer old method. server.transfer maintains original url in browser. can streamline data entry wizards, make confusion when debugging.

maintaining original url perfect example of asp.net web forms doing wants, making life easier in short term impacting maintainability of software in long term. maintaining original url perfect example of going against grain of http/web protocols. prevents user sharing resource url. and, if plan on url never being shared, there 1 use case still helpful user/system/exception handling able share url , provide correct place/resource user on, @ time of error or issue or user question, customer service/troubleshooting/debugging better serve user/customer/client.

server.transfer example of shortcut, has no security advantages, server/endpoints exposed on port 80 client requests whether responding different resource (server.transfer) or telling client redirect (response.redirect) , request resource.

regarding "skipping" round trip advantage of server.transfer on response.redirect, small benefit considering server.transfer web anti-pattern explained above. guides developers less elegant web systems architecture rather well.

regarding second parameter of server.transfer, perserveform, setting perserveform true maintain form , query string , still available next page sending user not advantageous enough warrant use because impacts long term maintainability of web application.

perserveform anti-pattern stateless, restful, resource based modern web applications/paradigms have been discussing above. if need maintain form state, across requests, should done on client local storage, not responsibility of server maintain state each client. perserveform yet example of asp.net web forms, trying make things easier developer in short term making code overly complex , difficult maintain , debug in long term.


Comments

Post a Comment

Popular posts from this blog

ubuntu - PHP script to find files of certain extensions in a directory, returns populated array when run in browser, but empty array when run from terminal -

i running os ububtu 16.04. ultimate goal able run php script cron job every minute. here php script located @ /var/www/html/tests/test/index.php : <?php $directorypath = $_server['document_root']."/tests/test/data/"; echo "directorypath: $directorypath<br><br>";//check $imagefilepathsarray = glob($directorypath . "*.{png,gif}", glob_brace); echo "<br><br>imagefilepathsarray: "; print_r($imagefilepathsarray);//check ?> when open php script in browser visiting url my-ip-address/tests/test/index.php , get: directorypath: /var/www/html/tests/test/data/ imagefilepathsarray:array( [0] => /var/www/html/tests/test/data/pic.png [1] => /var/www/html/tests/test/data/pic.gif ) before writing cron job in crontab file, need check if can run anywhere using terminal . opened ubuntu terminal @ /home/ location, , executed in terminal: sudo php /var/www/html/tests/test/index.php i got following out...
Read more

php - How can i create a user dashboard -

today have questions you, want create user dashboard site, include (obviously), users data, example -email -username -and others stuff how can information, , print them in html page? if can, how can these information via php sessions? shuld use session? example, if user login, , start new session ( session_start() ), how can data print in dashboard? should use php "project"? in advice, have day , thank time!
Read more

javascript - How to detect toggling of the fullscreen-toolbar in jQuery Mobile? -

i have jquery mobile page fixed full-screen toolbar, data-tap-toggle enabled. straight under toolbar have positioned banner should slide upwards when toolbar hiding , slide downward when toolbar showing. jquery mobile toggles toolbar applying , removing ui-fixed-hidden class - sadly, can't find in documentation of toolbar widget toggle , hide or show event that. how can detect when toolbar toggled, reposition banner? .banner { position: fixed; background-color: darkseagreen; top: 46px; min-height: 48px; width: 100%; text-align: center; line-height: 48px; } <!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"> <script src="https://code.jquery.com/jquery-1....
Read more