post back from saved page on the disk

G

Guest

Hello All,

I would like to prevent users from posting data through the saved page at
their disk.
Like a web page is saved to their c: drive and user opens it , change/remove
validation code and then submit.

This is not about clicking submit buttuon twice.

Any help on this?
 
A

Anoj kumar

check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.
 
O

Oytun YILMAZ

check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.

hi,
most firewalls block HTTP_REFERER info so a normal user may not be able to
access your page this way.

If validation is from ASP.NET validation control there is a better way. You
can use Page.Isvalid to perform the validation again in server side.

Could you tell more about your validation code ?

- Oytun YILMAZ
 
J

Joerg Jooss

asp.net User said:
Hello All,

I would like to prevent users from posting data through the saved
page at their disk.
Like a web page is saved to their c: drive and user opens it ,
change/remove validation code and then submit.

This is not about clicking submit buttuon twice.

Any help on this?

Don't ever rely on client-side validation for web apps. *Always* validate
everything on the server-side again.

Cheers,
 
J

Joerg Jooss

Anoj said:
check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.

That is unpredictable. It takes just one proxy server and voilà -- you get a
Referer header. Never rely on the Referer header.

Cheers,
 
G

Guest

Thanks for reply.

This is not only for validation, "validation" was just an example.

I just want to prevent user from sending data from their saved page.

I am looking for any config setting if available, like for viewstate
ASP.NET has given enableViewStateMac setting.

Thanks
 
J

Joerg Jooss

suresh_C# said:
Thanks for reply.

This is not only for validation, "validation" was just an example.

I just want to prevent user from sending data from their saved page.

I am looking for any config setting if available, like for viewstate
ASP.NET has given enableViewStateMac setting.

OK -- but what is your motivation to do that? Also, does your application
require authentication or is ti used anonymously?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top