Hi Guys, I have to develop an application in such a way that from a ASP.NET page I am calling an ASP page(Just to reuse the old codes). Actually in ASP Page I am generating a crystal report. But I have to pass parameters to ASP page that will be needed for report generation(Like start date, end date etc). I am passing parameters to the ASP page with the help of Query String. But Query String is not the securest of method to be used. So what u guys can suggest. One simple way would be encryption.But it will require an extra overhead. I have tried passing parameters using session variable but it is not possible to pass session variables between an ASP page and ASP.NET page
Can you modify your old ASP pages? If you can, then the best way is transfer secure information via database.. That is how I have did it few times: 1) Create temp table in your DB. Set Uniqueidentifier to key field 2) Insert data in Asp.net page into that new table. Retrieve guid (key) for inserted rows 3) Call your old ASP-page with that guid in request params. Like: www.oldpage.asp?rowId=2s13e-sad3422-asd233 4) In your old ASP-page take guid from request and retrieve data from Database. This might not be fastest/easiest way, but it is secure.
why the Query String is not secure? As I understand the user inputs parameters which are used to generate the report if so then you r already useing Query String when you collect values from the form.