Solved

Can the max length on an asp.net text box control be changed before the page is submitted for postback?

Posted on 2016-09-03
2
33 Views
Last Modified: 2016-09-03
I have an Asp.net web form with several text box controls on it. Each text box control has a limit on the number of characters
that can be entered into each text box. Below is an example where the size is limited to 10 characters of input.
Is it possible for a hacker to change the value for the max length of the text box control? It seems to me that somehow if the hacker
were able to do a view source, and then change the field size by manually changing the html page. That he could do that and then submit the web form.



<asp:TextBox ID="TextBox1" runat="server" MaxLength="10"></asp:TextBox>
0
Comment
Question by:brgdotnet
2 Comments
 
LVL 29

Accepted Solution

by:
Olaf Doschke earned 500 total points
ID: 41783173
That's true, a hacker can even submit a POST request without using the html form itself at all, once the inputs and their names are known anything could come over. For that reason a client side javascript validation of input can only be helpful to a normal user but never be trusted to only get valid posted data.

The whole concept of validation is well explained here:
https://msdn.microsoft.com/en-us/library/aa479045.aspx

Bye, Olaf.
0
 
LVL 2

Author Closing Comment

by:brgdotnet
ID: 41783306
Thank you.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now