Re: ASP.Net DropDown Security
- From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
- Date: Tue, 11 Jul 2006 08:30:43 -0400
Any data you attempt to include in form submissions to help detect changes
of this type will also be spoofable in the same way. Your best protection
against on-the-wire data modifications would be to use HTTPS.
"anoop" <anoop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B40A5C90-E5AB-4091-B7DE-012142AA99D7@xxxxxxxxxxxxxxxx
Hello,
I have .aspx page which has a dropdown. The Dropdown has 10
values. Now If I say Select 10th Value at client Side , submit the form
and
Intercept the Form by using an Intercepting proxy (BURP PROXY). Now if I
change the corresponding passed value of dropdown to an invalid value such
as
' or '1'='1 and Press the Forward button of the Interceptor. Now the
Result is
The Value of the Dropdown changes to the First Value.
Now :
Initial Value - 10th value of dropdown
Final Value - 1st Value of dropdown
Now How can I validate this value so that If anyone gives invalid value
after Form is submitted from the Client Side by intercepting, The Form
should give one of the result
1. It should give user defined error
2. The Value remain selected as it is.
please help me.
Thank you
.
- Prev by Date: Re: Could not establish trust relationship with remote server
- Next by Date: using AuthorizationStoreRoleProvider directly without activating the rolemanager?
- Previous by thread: Re: Could not establish trust relationship with remote server
- Next by thread: using AuthorizationStoreRoleProvider directly without activating the rolemanager?
- Index(es):
