Ad

Is It Safe To Store Credit Card And Pricing Information In ViewState Even Over Ssl?

- 1 answer

I have a page with private properties that are storing a credit card object and a shopping cart object in viewstate so I can maintain a reference to them across postbacks. By the way, the page involved will be using SSL.

Is this safe?

Ad

Answer

I wouldn't store sensitive information in viewstate ... ever. By doing so, you are delegating security to the implementation of the browser for protecting your customers' data. Vulnerabilities like cross-site scripting (XSS), URL-redirection attacks, and so on could expose this sensitive data to intrusion, theft, or spoofing.

If you are storing such details across postbacks, you should re-evaluate your design - and find a way to avoid doing so.

Ad
source: stackoverflow.com
Ad