EventValidation turned off

Posted on 2012-09-10
Last Modified: 2012-09-14

It is recommended in msdn not to turn off the event validation property for an web page. Can an expert tell me the real dangers involved in turning off this page property?
Question by:aghdennis
    LVL 21

    Expert Comment

    by:Dale Burrell
    LVL 18

    Accepted Solution

    The StackOverflow question above gives a great explanation of why it is a bad idea. If malicious users can bypass validation they can send anything to your database. Once they can add values and possibly inject code that can damage your application, database, or steal your data your site essentially belongs to the malicious user.

    Author Comment

    Thanks all. I was handling the doPostBack function manually via javascript but could not allocate a value to the eventArgument of the input type hidden field due to an error regarding RaisingEventValidation. However when I turned eventvalidation off, it worked. I was therefore trying to weigh the loss in security when the property is turned off.

    Thanks guys for your contribution.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now