muskad202
asked on
prevent modification of hidden field values ...
Hi!
In my .aspx page, in a form, there are a few hidden fields which are being used, which I use to
store information. Now, it's always possible for a rogue user to view the source html/jscript of a
page and modify some values and submit the form with doctored data ... I was wondering whether
there is built in functionality in ASP.NET to prevent this behaviour - specifically, preventing a
user from manually modifying the values for hidden fields (e.g., saving the page on his local
disk, modifying the values keeping the form's ACTION url the same, then opening up the doctored
version in a browser and pressing submit).
thanks :)
muskad202
VS.NET 2005 or ASP.NET 2.0
-Nauman.
ASKER
But in the generated html, hidden fields would yet be present. When the user presses submit, the only way the asp.net application can retrieve the value of those hidden fields is through the data which was "POST"ed via the form (since I don't think it maintains any sort of session variables or something for hidden fields). So, if it relies on the POSTed data for containing the values of the hidden fields, then someone can manipulate the data being POST-ed. I was hoping there would be some sort of encrypted data on the form which asp.net would use to retrieve the hidden field values, rather than using the normal HTML Hidden Fields.
muskad202
ASKER CERTIFIED SOLUTION
ASKER
OK .. I had thought of that .. but was hoping there would be a simpler way to do it.
thanks :)
--Nauman.
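
One way to get the tamper detection asked about in this thread is to attach a keyed MAC to each hidden value and verify it on postback; the following is an added example, not code from the thread or from the members-only solution. The class name `HiddenFieldProtector`, the demo key, the field name and the session identifiers are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the thread): sign hidden-field values server-side.
public static class HiddenFieldProtector  // hypothetical name
{
    // Assumption: the real key lives in protected server config; this is a constructed demo value.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("demo-key-not-for-production");
    // Value to emit into the hidden input: "value|base64(HMAC)".
    public static string Protect(string field, string value, string sessionId)
    {
        return value + "|" + Convert.ToBase64String(Mac(field, value, sessionId));
    }
    // True (and the original value) only if the posted MAC matches.
    public static bool TryUnprotect(string field, string posted, string sessionId, out string value)
    {
        value = null;
        int sep = posted == null ? -1 : posted.LastIndexOf('|');
        if (sep < 0) return false;
        string candidate = posted.Substring(0, sep);
        byte[] sent;
        try { sent = Convert.FromBase64String(posted.Substring(sep + 1)); }
        catch (FormatException) { return false; }
        if (!ConstantTimeEquals(sent, Mac(field, candidate, sessionId))) return false;
        value = candidate;
        return true;
    }
    static byte[] Mac(string field, string value, string sessionId)
    {
        // Length prefixes stop field/session/value boundaries from being shifted.
        string msg = field.Length + ":" + field + sessionId.Length + ":" + sessionId + value;
        using (HMACSHA256 h = new HMACSHA256(Key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(msg));
    }
    static bool ConstantTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        string v, token = Protect("price", "19.99", "session-A");  // constructed sample
        string forged = "0.01" + token.Substring(token.LastIndexOf('|'));
        Console.WriteLine(TryUnprotect("price", token, "session-A", out v));
        Console.WriteLine(TryUnprotect("price", forged, "session-A", out v));
    }
}
```

A valid MAC only proves the value is one the server issued for that field and session, so the server should still check the decoded value against its own rules before acting on it.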