ViewStateMac Errors

Discussion in 'ASP .Net Security' started by JimF, Jan 2, 2008.

  1. JimF

    JimF Guest

    We have an application that is persisting ViewState to a SQL database and
    thus all of our pages only have a GUID for the view state hidden field. We
    are also getting ViewStateMac errors under certain conditions, like using the
    Back button, which we seem to not have control over.

    1. A user can not do ViewState injection since WE are storing the viewstate
    server side. (At best, they could only replace the GUID with a different one
    and the odds of them finding an unexpired GUID is worse than winning the
    lottery...)
    2. My understanding of ViewStateMac is that it is a Digest of the ViewState,
    plus some secret key stuff.

    So, (finally), my question is, from a security standpoint, how necessary is
    it to use ViewStateMac when the content of the ViewState is not going back to
    the user?

    Thanks in advance.
     
    JimF, Jan 2, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark Goldin

    Errors, errors, errors

    Mark Goldin, Jan 17, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    965
    Mark Goldin
    Jan 17, 2004
  2. SenthilVel
    Replies:
    0
    Views:
    947
    SenthilVel
    Jun 7, 2006
  3. George1776

    Out-of-memory errors and caching errors.

    George1776, Aug 28, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    1,299
    George1776
    Sep 14, 2006
  4. Lance Wynn
    Replies:
    1
    Views:
    1,850
    Lance Wynn
    Feb 3, 2008
  5. yawnmoth
    Replies:
    97
    Views:
    4,728
    Bent C Dalager
    Feb 27, 2009
Loading...

Share This Page