Is there a benefit of turning ViewState Encryption Off (asp.net IIS7)?
I understand how to turn off ViewState encryption for asp.net web applications. I want to know if I should. My question is more from a performance stand point than a security one (All of our traffic is on a private network and we do not store any sensitive data in the viewstate).
Before I dedicate hours of setting up tests scenarios, I was courious if anyone in this community has experience running apps with viewstate encryption disabled. As expected, I have found a lot of conflicting view points on the Internet. I would like to hear what you guys have to say.
- If I turn off encryption will I save any noticeable overhead开发者_JAVA百科 in the application?
- Can I expect the overall size of the viewstate to change much? I assume the encryption also compresses the data before doing the encryption.
- Can the lack of ViewState compression be counter balanced by using dynamic content compression in IIS7?
Thanks in advance for any feedback you can provide!
The main difference would probably be the CPU usage to encrypt and decrypt the view state.
However, you probably will not notice any difference, unless you have some really large datagrids, and even then the chances are small.
It may be more usefull to go through your app and make sure that viewstate is turned off for all controls where it is not required.
Turning off viewstate has been available since .net 2.0 http://msdn.microsoft.com/en-us/library/aa479501.aspx
精彩评论