Is it safe to use the attributes collection of a web control to store extra data?
e.g.
DropDownList ddl = new DropDownList();
ddl.Attributes.Add("ExtraData", "SomeData");
views:
36answers:
2
+1
A:
I would recommend against it as these attributes may be prone to tampering. Instead, you should have a list of objects on the server in which each object stores both the drop down text data as well as the extra data in it.
You can then use the index of the drop down to determine which object in your list on the server is selected. Typically, frontend controls should never contain anything but display data and indexes if you can help it. This is why datagrids have a data index column, so you can retrieve the index of the record that corresponds to the row. The record itself is not stored in the grid, only its fields are displayed.
Soviut
2009-07-15 23:52:15
A:
It will (most probably) safely arrive at the browser, but everything can be altered there. So anything you get back from the browser cannot be relied upon unless you sign it properly e.g. with a hash of your data + a secret.
With something like:
HASH_FUNCTION(DATA + SECRET), DATA
you can check on the server if somebody has tampered with your data.
stefanw
2009-07-15 23:54:53
I've found another way to accomplish what i was after but that is good to know, thanks.
Chris Herring
2009-07-16 04:38:20