Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can the max length on an asp.net text box control be changed before the page is submitted for postback?

Posted on 2016-09-03
2
Medium Priority
?
81 Views
Last Modified: 2016-09-03
I have an Asp.net web form with several text box controls on it. Each text box control has a limit on the number of characters
that can be entered into each text box. Below is an example where the size is limited to 10 characters of input.
Is it possible for a hacker to change the value for the max length of the text box control? It seems to me that somehow if the hacker
were able to do a view source, and then change the field size by manually changing the html page. That he could do that and then submit the web form.



<asp:TextBox ID="TextBox1" runat="server" MaxLength="10"></asp:TextBox>
0
Comment
Question by:brgdotnet
2 Comments
 
LVL 30

Accepted Solution

by:
Olaf Doschke earned 2000 total points
ID: 41783173
That's true, a hacker can even submit a POST request without using the html form itself at all, once the inputs and their names are known anything could come over. For that reason a client side javascript validation of input can only be helpful to a normal user but never be trusted to only get valid posted data.

The whole concept of validation is well explained here:
https://msdn.microsoft.com/en-us/library/aa479045.aspx

Bye, Olaf.
0
 
LVL 2

Author Closing Comment

by:brgdotnet
ID: 41783306
Thank you.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Integration Management Part 2
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question