Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Request.QueryString is not very safe. Incase someone is logged in.
Just by typing in the URL
myaccount.aspx?custId=10
One can get the information of another Customer.
So its not safe at all. The reason for posting this was because, I wanted an alternative way of passing customerId between pages. Perhaps encrypt it?
Really for myaccount.aspx you shouldn’t need to a user to pass their ID in as a parameter.
As others have said, use Membership. Or create a hash (an encypted value) of a user’s ID and password and save that as a cookie or in the session object. You can read that instead of an input parameter.