locked
Safety of data controls RRS feed

  • Question

  • I have recently begun using some of the data controls in ASP.NET (GridView, DetailsView). They are certainly very feature-rich compared to having to implement such layouts from scratch. But I have a couple related questions about the safety of using them.

    Visibility: If I hide a GridView or a DetailsView in a asp:panel or asp:placeholder (visible="false"), am I safe from attempts from a user who tries to display it? In other words, is there a postback URL or other action they can invoke that would force it to display, or is its visibility totally under the developer's control?

    Disabling Insert/Edit: Likewise, if I do not expose a Insert or Edit button [e.g. AutoGenerateInsertButton/AutoGenerateEditButton = "false"], is that sufficient to prevent inserting/editing, or is there a way that a user could circumvent this by knowing what postback to issue?

    (Both of the above assume that I'm using the runat="server" tag)

    My apologies if these are elementary questions. I checked the FAQs and the MSDN documentation for the GridView and DetailsView controls just in case and wasn't able to find anything that addressed these topics, so I hope it's a new question for the forum!

     

    Thank you in advance.

    Gregg

     

     

    • Moved by Jie Bao Tuesday, March 8, 2011 6:21 PM (From:Windows Forms Data Controls and Databinding)
    Monday, March 7, 2011 9:05 PM

Answers

All replies