John W. Colby
jwcolby at colbyconsulting.com
Sun Oct 2 23:21:11 CDT 2005
LOL, Stuart, are you SERIOUSLY saying I should worry about tens of kilobytes of useless junk moving around the web when people are downloading video and audio streams with hundreds of kbytes per SECOND, times millions of such users? Oh my, I think I'll just rush right out there and redesign my site... Or is this just a soapbox thing about how the evil empire is conquering the universe "tens of kilobytes" at a time? John W. Colby www.ColbyConsulting.com Contribute your unused CPU cycles to a good cause: http://folding.stanford.edu/ -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of stuart at lexacorp.com.pg Sent: Sunday, October 02, 2005 11:12 PM To: Access Developers discussion and problem solving Subject: Re: [AccessD] OT Question that will be simple for those that know On 2 Oct 2005 at 22:11, Bryan Carbonnell wrote: > On 02/10/05, Jim Lawrence <accessd at shaw.ca> wrote: > > Within many web pages there is starting to appear a piece of code > > which is curious. It looks like encrypted imbedded coding created by > > some obfuscating tool. > > > > The block starts like 'value="dDwtNjIxMjI0NzQwO3Q8O2w8aTwwPjtpP.... > > and so on for, sometime 1000 plus characters. I would look it up on > > the internet but do not know even how to describe it. > > > > Is this the result of an obfuscating process for ASPX pages? Yes, I > > am designing in ASP.Net and no, I have never run across this before. > > (The disadvantages of being self-taught.) > > The only time that I have ever seen this is when a PostNuke site that > I run was hacked. it too me about 3 days to "decode" it (don't ask me > how I did it, I don't remember) and it was a redirect to or from a > Warez site. > Tell that to JC, he's got one on the Home page of his new his site :-) <quote> <input type="hidden" name="__VIEWSTATE" value="VUI/M........ (18 lines of characters stripped) </quote> >From http://aspalliance.com/articleViewer.aspx?aId=135&pId= ViewState is used to track and restore the state values of controls that would otherwise be lost, either because those values do not post with the form or because they are not in the page html.. Also http://jroller.com/page/javadujour?entry=viewstate_is_evil_jsf_is: _viewstate is evil, or why JSF is better than ASP.NET ASP.NET uses nasty _viewstate hidden field to track application state. For some reason MS geniuses thought that storing data in the session puts too much load on a web farm, so they decided to spread the load over the Net. Of course, they themselves know different ways to track the state, and they suggest developers to weigh all pro and cons and either to use _viewstate, or to turn it off and use session, or even to use persisted-to- database state. But who would bother analysing, if most example code contains _viewstate? The consequences are devastating: * tens of kilobytes of useless junk (especially if you display bunch of rows of data) are moved around the Net * all pages must be HTML forms to store hidden fields * a user cannot jump out from the application, and then navigate back using direct URL in the address bar, because there is nothing in the session * result page is returned immediately in response to submitted HTML form to keep hidden fields, thus clean page reload is impossible and results in double submit. -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com