Solved

Can the max length on an asp.net text box control be changed before the page is submitted for postback?

Posted on 2016-09-03
2
46 Views
Last Modified: 2016-09-03
I have an Asp.net web form with several text box controls on it. Each text box control has a limit on the number of characters
that can be entered into each text box. Below is an example where the size is limited to 10 characters of input.
Is it possible for a hacker to change the value for the max length of the text box control? It seems to me that somehow if the hacker
were able to do a view source, and then change the field size by manually changing the html page. That he could do that and then submit the web form.



<asp:TextBox ID="TextBox1" runat="server" MaxLength="10"></asp:TextBox>
0
Comment
Question by:brgdotnet
2 Comments
 
LVL 29

Accepted Solution

by:
Olaf Doschke earned 500 total points
ID: 41783173
That's true, a hacker can even submit a POST request without using the html form itself at all, once the inputs and their names are known anything could come over. For that reason a client side javascript validation of input can only be helpful to a normal user but never be trusted to only get valid posted data.

The whole concept of validation is well explained here:
https://msdn.microsoft.com/en-us/library/aa479045.aspx

Bye, Olaf.
0
 
LVL 2

Author Closing Comment

by:brgdotnet
ID: 41783306
Thank you.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question