T
TT
As title
As title
1) Assume I have an asp page (insertRecord.asp) on my server, the page
simply do somthing if request.form("FormAction")="save", then insert a
record in db. 2) I create a html page locally saved in my own hard
disk and the page contains the tag <FORM name="LocalPage"
action="https://server/insertRecord.asp" method="post">, then I SUBIMT
it to the server's insertRecord.asp.
3) The result: It works!!!
Question:
How can I prevent this case?
The Problem is that user can edit the html page which located in his
hard disk and then submit it to my asp on the server.
Any server variable or other means can check and prevent the user to
do this?
What I want to do is:
- "PREVENT the user who edit the html page which is the response of my
asp". After editing from his local version and then submit to my
server's asp. As a result, he can overcome some logic or hidden value
in my previously responsed html page.
e.g. The responsed html page has a hidden value (record id) in the
html page. The user save the html page to local, then modify the
hidden id and submit it again. As a result, he may be able to update
another record (which he is suppose not be able to view or edit)
TT said:As title
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.