Is It Safe To Store Credit Card And Pricing Information In ViewState Even Over Ssl?
I have a page with private properties that are storing a credit card object and a shopping cart object in viewstate so I can maintain a reference to them across postbacks. By the way, the page involved will be using SSL.
Is this safe?
I wouldn't store sensitive information in viewstate ... ever. By doing so, you are delegating security to the implementation of the browser for protecting your customers' data. Vulnerabilities like cross-site scripting (XSS), URL-redirection attacks, and so on could expose this sensitive data to intrusion, theft, or spoofing.
If you are storing such details across postbacks, you should re-evaluate your design - and find a way to avoid doing so.
- → Function Undefined in Axios promise
- → React formatting dates with momentjs server side
- → AngularJS directive: "templateUrl" doesn't work while "template" works
- → how to add cannonical tag for ASPX .NET page
- → URL routing requires /Home/Page?page=1 instead of /Home/Page/1
- → ASP.NET routing w/ changing article name
- → NumericTextBox Loses Value using Html.TextBoxFor, not HTML
- → How to do Bundling of css & js files in Drupal
- → Does the fact that every page is reachable through www.example.com and www.example.com/index have any SEO impact?
- → How to add rich snippet in a website?
- → UrlRewriting does not work on server, but on localhost it works fine on asp.net?
- → Bootstrap Nav Collapse via Data Attributes Not Working