[英]Exposing server-side state through client-side controls in ASP.net
Hopefully this isn't a redundant question--I'm not really sure how to word it. 希望这不是一个多余的问题-我真的不确定如何措辞。 Let's say I have a list of items on an ASP.net page. 假设我在ASP.net页面上有一个项目列表。 That list is selectable in that whenever the user clicks on one, the page does a postback and the server code stores the index or some unique identifier of the picture in a ViewState property indicating that it is currently selected. 该列表是可选择的,因为每当用户单击一个列表时,页面都会进行回发,并且服务器代码将图片的索引或某些唯一标识符存储在ViewState属性中,指示当前已选择该图片。
I would like to minimize the load on the server and therefore I would like to store the index or unique identifier representing the image in some way on the client side. 我想最小化服务器上的负载,因此我想以某种方式在客户端存储代表图像的索引或唯一标识符。 The best way I can think to do this is to store said information in a hidden field ), however I had two questions about this before I go crazy: 我可以想到的最好方法是将所说的信息存储在一个隐藏的字段中,但是在发疯之前,我对此有两个问题:
Is this a security risk in any way, shape or form (ie, exposing implementation details of the page)? 这是否以任何方式,形状或形式(即,公开页面的实现细节)存在安全风险?
Is there a better/best way to do this that is more industry-standard? 有没有更好的/最好的方法来达到行业标准? Does ASP.net provide a framework to do this that is cleaner than my idea? ASP.net是否提供了一个比我的想法还干净的框架? Seems like this would be a fairly common requirement to me... 看来这对我来说是一个相当普遍的要求。
I have been working in ASP.net for about two years now. 我已经在ASP.net中工作了大约两年了。 Please, be kind :-) 请,请客气:-)
Best, Patrick Kozub 最好,Patrick Kozub
The only security risk would be if some list items must remain non-selectable. 唯一的安全风险是某些列表项必须保持不可选择状态。 It sounds like that is not the case in your situation. 听起来情况并非如此。 The user already knows the information, because he or she already selected the item. 用户已经知道该信息,因为他或她已经选择了该项目。
NOTE: If the server ever does anything with that information and pulls it back from the user, then you must validate the index value. 注意:如果服务器使用该信息执行任何操作并将其从用户那里拉回,则必须验证索引值。 Otherwise, the user could change it to an invalid index, such as (-2), and trigger an exception. 否则,用户可以将其更改为无效索引,例如(-2),并触发异常。
You can store the index (or related value) in a global javascript variable. 您可以将索引(或相关值)存储在全局javascript变量中。 If you're avoiding a trip back to the server, .NET doesn't really have a role to play. 如果您避免返回服务器,则.NET实际上并没有扮演任何角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.