Can the Profile data be altered by the client?

[Christian Döring]

Hi,

I want to store a refferer id in the ASP.NET 2.0 Profile. I have read, that
you shouldn't store sensitive data in the Profile without encryption. Is it
because it is stored as clear text in the database or are there other
reasons? When I set the refferer id on the server side, can I rely on it? Or
is there any case in which data from the profile is beeing stored at client
side and therefore not safe from modification?

Thx

 

[bruce barker \(sqlwork.com\)]

its because its clear text in the database. privacy laws are requiring
better control of information. for example, one of the big credit cards
thefts was actually caused by a bank losing its backup tape and the data was
not encrypted.

you can not count the refferer id. many proxy servers strip it for privacy.

-- bruce (sqlwork.com)

 

[Christian Döring]

Hi Bruce,

you can not count the refferer id. many proxy servers strip it for
privacy.

By refferer ID I actually mean some ID that is created on the server side
and has nothing to do with the browser refferer id or any client specific
data. Sorry, this was very mistakeable!

My question still is: Is there any case in which data from the P r o f i l e
is beeing stored at client
side and therefore not safe from modification?