Geek Answers Handbook

Sensitive data in ViewState?

I need to store sensitive data on multiple pages (run https) per session.

I cannot use the session object, because the main reason is that the session store is designed in the same way as the backup store (first of all, make service calls and load the session). If the session was restarted, or in other words, that the key does not exist in the session, perform the service and repopulate the session.

Thus, if the user uses confidential data, I need to transfer this data forward through the pages, we do not have a permanent storage, so the left option stores this confidential data in ViewState.

1) Should I encrypt the data and store it then in the ViewState (not recommended - sec and perf) OR 2) Should I store the data in a serializable class and store it in the ViewState? (not recommended again due to performance)

Any opinion please?

+4
source share
7 answers

I need to store sensitive data across several pages (https mileage) per session.

ViewState is installed and maintained at the page level. It cannot be transferred to different page requests, but only to the reverse transfer of the current page. Assuming that you really mean that you need to transfer data β€œacross multiple pages,” and not back.

You may store your sensitive data in a cookie, but this has some security risks.

You can also store your sensitive data in the server-side data warehouse (xml file, database, etc.) and store the data key in the client-side cookie. A little safer.

+4
source

Well, the general answer is: do not do this! Although the viewstate (may be) encrypted, it is not intended to store sensitive data. The reason is that data in the form of a viewstate can be collected by a third party and later decrypted.

But this does not mean that you should not do this ... :-) Firstly, your connection exceeds https, so everything that you transmit is already encrypted. This means that collecting sensitive data will be very difficult. If a third party steals your sensitive data, it will first have to decrypt the connection, and THEN decrypt the view. Thus, it will be much easier for an attacker to use other approaches to obtaining your data (for example, to deceive users, phishing, etc.).

So, to ensure the security of your data, I will remain, to store them in an encrypted form and using https should be enough.

The choice between 1) and 2) should not have or have little effect on performance. When you store an object in a viewstate, the object is serialized and then saved, so no matter which approach you choose, the data is serialized for you. Designing a class to store your data sounds like a clean approach, so I would suggest this. You might even want to create a class that stores your sensitive data in encrypted fields to make it harder to get sensitive information, but it will cost even more performance.

+1
source

Given that you're talking about a decent amount of effort to write code to get it working safely and reliably with viewstate, you should consider putting that time and effort into simply creating a server-side data warehouse.

You already have a certain need for one, and the effort to implement it is probably the same or less than the custom viewstate mechanism, which is your alternative. The difference is that persistent storage may have value elsewhere in the application or later when developing other functions ... while the viewstate mechanism does not add value outside the immediate scope of a single requirement.

It would be rather trivial to abandon a simple MS Access data file on the server, or you can even just add XML or text files and write your data. It’s not much more than going to light relational stores like SQL Express, VistaDB or even MySQL

+1
source

If you are using 2.0, you can encrypt the viewstate state. See Channel9 article . AES is good enough encryption for the US military and federal government. Although DES can be hacked within hours, AES requires 150 trillion (since 2001) to crack AES. Even with faster and more distributed equipment, your browsing repository is not worth the resources that an attacker needs to crack. If you do not think that machine keys are in any way insecure, I’m not sure what security encryption is.

In terms of performance, a viewstate with sensitive data is a trade-off between storing data on the side of an important memory server or using valuable processor cycles to encrypt data (especially in version 2.0, where you can configure a β€œ server view window ”). You can collect some empirical data with your workload and specific equipment to find out what the true tradeoffs are. If it’s not too late to create an application for storing state in a session instead of viewstate, you can also consider SqlSessionStore, which is secure (server-side) and does not use large memory on the server side.

If you use 1.1, then all the discouraging tips about placing sensitive data in the viewstate are 100% correct, because decoding the viewstate from 1.1 (or the unencrypted view from 2.0 in this case) is a trivial task.

+1
source

Maintaining moderate amounts of data in a view, regardless of whether you use a serializable class, should not be a performance issue.

You will need to use encryption to protect data values ​​in the view. Again, performance should not be a concern for modest amounts of data. See this page for details on how to enable viewstate encryption.

0
source

Sensitive data should not be stored in ViewState, as it can be easily deserialized.

But you also said that the page was launched over https, so the question you should answer is this; Who does the data relate to? The user who accesses the page? Then you need to encrypt it.

If this is not the case, you should be fine because you are using https.

0
source

With all the security leaks due to the fact that the developers did not think it could happen, I do not think that someday I will store confidential information in the viewstate. Encrypted or not.

You cannot control the user environment, so you cannot control what REALLY will have access to this "sensitive" information.

0
source

More articles:


All Articles