• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

prevent modification of hidden field values ...

Hi!

In my .aspx page, in a form, there are a few hidden fields which are being used, which I use to

store information. Now, its always possible for a rogue user to view the source html/jscript of a

page and modify some values and submit the form with doctored data ... I was wondering whether

there is built in functionality in ASP.NET to prevent this behaviour - specifically, preventing a

user from manually modifying the values for hidden fields (e.g, saving the page on his local

disk, modifying the values keeping the form's ACTION url the same, then opening up the doctored

version in a browser and pressing submit).

thanks :)
muskad202
0
muskad202
Asked:
muskad202
  • 2
  • 2
1 Solution
 
nauman_ahmedCommented:
If your application is in VS.NET 2005 you can use aspnet_compiler.exe utility to compile your application. This utility compile even the ASPX pages in the respective dll. The physical ASPX file contains no HTML entries; the HTML code get generated on runtime.

--Nauman.
0
 
nauman_ahmedCommented:
VS.NET 2005 or ASP.NET 2.0

-Nauman.
0
 
muskad202Author Commented:
but in the generated html, hiddenfields would yet be present. when the user presses submit, the only way the asp.net application can retrieve the value of thos hidden fields is through the data which was "POST"ed via the form (since i dont think it maintains any sort of session variables or something for hidden fields). So, if it relies on the POSTed data for containing the values of the hidden fields, then someone can manipulate the data being POST-ed. I was hoping there would be some sort of encrypted data on the form which asp.net would use to retrieve the hidden field values, rather than using the normal HTML Hidden Fields.

muskad202
0
 
SammyCommented:
Why dont you encrypt the hidden fields values and decrypt them when you need to?
Asp.net doesnt provide a way to do what you asking for out of the box
created a shared class to do the encryption and decryption this way you can call its memebers from anywhere in your app.
HTH
0
 
muskad202Author Commented:
ok .. i had thought of that .. but wsa hoping there would be a simpler way to do it.

thanks :)
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now