开发者

EnableViewStateMac Documentation Warning?

There is a warning in the @Page directive regarding the EnableViewStateMac setting found here that states:

"Security Note This attribute should never be set to false in a production Web site."

This warning seems unconditional, regardless of the Page ViewState setting (true or false). Does this warning apply to @Pages that have EnableViewState set to false? If the warning does apply in this case,开发者_运维百科 why, when ViewState is turned completely off for the page and its child controls, is this a concern?

Upgate: The warning seems to apply, being that some doofus could drop a control that uses Control State on to a page that has ViewState = false AND ViewStateMac = false.


If there's no viewstate there's no harm in leaving it on ... and, remember, there are cases where, despite your best attempts viewstate may sneak in, under the guise of control state, so the warning still applies.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜