B
Bashar Naffa
Hi all,
I'm wondering how can i prevent this scenario:
I have asp.net application , not using any kind of asp.net secuirty models [
neither Windows Nor Forms Auth].
Client can save a complete copy of the web site locally, he can change any
Javascript funciton , then chnage the Action attribute in the form tag to
point to the same page again, & it will submit .
My question is: i want to access my website only within my web site links or
requests, i don't want to accept the previous scenario, also i don't want to
accept any custom http request come out of my internal web site.
i can't depend on HTTP Reffer , because it's easily can be change through
http sniffing tools or Packets editor tools.
any Advice ???
Bashar
I'm wondering how can i prevent this scenario:
I have asp.net application , not using any kind of asp.net secuirty models [
neither Windows Nor Forms Auth].
Client can save a complete copy of the web site locally, he can change any
Javascript funciton , then chnage the Action attribute in the form tag to
point to the same page again, & it will submit .
My question is: i want to access my website only within my web site links or
requests, i don't want to accept the previous scenario, also i don't want to
accept any custom http request come out of my internal web site.
i can't depend on HTTP Reffer , because it's easily can be change through
http sniffing tools or Packets editor tools.
any Advice ???
Bashar