Solved

Can the max length on an asp.net text box control be changed before the page is submitted for postback?

Posted on 2016-09-03
2
38 Views
Last Modified: 2016-09-03
I have an Asp.net web form with several text box controls on it. Each text box control has a limit on the number of characters
that can be entered into each text box. Below is an example where the size is limited to 10 characters of input.
Is it possible for a hacker to change the value for the max length of the text box control? It seems to me that somehow if the hacker
were able to do a view source, and then change the field size by manually changing the html page. That he could do that and then submit the web form.



<asp:TextBox ID="TextBox1" runat="server" MaxLength="10"></asp:TextBox>
0
Comment
Question by:brgdotnet
2 Comments
 
LVL 29

Accepted Solution

by:
Olaf Doschke earned 500 total points
ID: 41783173
That's true, a hacker can even submit a POST request without using the html form itself at all, once the inputs and their names are known anything could come over. For that reason a client side javascript validation of input can only be helpful to a normal user but never be trusted to only get valid posted data.

The whole concept of validation is well explained here:
https://msdn.microsoft.com/en-us/library/aa479045.aspx

Bye, Olaf.
0
 
LVL 2

Author Closing Comment

by:brgdotnet
ID: 41783306
Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now