.NET MVC + Sensitive Data

Question

.NET MVC + Sensitive Data

I am repeating through a list of user data objects and displaying the data on the screen as a page. Each element should provide the ability to edit details (redirection to another view) and delete data. To do this, I will need to pass an identifier of some type to identify the record that will be updated or deleted. I do not want to include this identifier in plain text in the route values, but I do not understand how to implement this functionality. I have two ideas, but I'm not sure that they will be viable.

Create a random key for each identifier each time a list is created, and save the key / identifier combination in the session. Then I could pass the key in the route values and capture the key when the user clicks an action. it seems like a lot of work.
Wrap the “change” and “delete” options on the form, where I can use hidden input to transfer data through POST. However, this seems less desirable.

Is there any standardized way to use sensitive data in a View / Controller relationship when I work with more than one item on a page?

+3

.net model-view-controller

jimbo Dec 15 '09 at 17:34

source share

1 answer

Al Katawazi · Accepted Answer · 2009-12-21T21:30:09+0000

, . . :

public ActionResult RenderPage()
{
   CustomerInformation customerInformation = CustomerInformation.GetCurrentCustomer(); 
   customerInformation.SocialSecurityNumber = MyNamespace.Utilities.Encrypt(customerInformation.SocialSecurityNumber);
   return View(customerInformation);
}

.

public ActionResult SubmitData(CustomerInformation customerInformation)
{
   customerInformation.SocialSecurityNumber = MyNamespace.Utilities.Decrypt(customerInformation.SocialSecurityNumber);
   return View();
}

, , , . , HTTPS, .

.NET MVC + Sensitive Data

More articles: