Help on validation process?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Dear all,

I have read that ASP.NET does double user input validation of control when
they are place on the page. Once on teh client side and again from server
side right ?

Could explain how this process is exaclty working ?

regards
thnaks for your help
Serge
 
Serge,

All of the .NET validators attempt to validate each control client-side in
order to save a trip to the server. This is done so that the user experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running the
validation javascripts better the user experience, but still makes certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
 
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?
 
Serge,

I assume you are referring to what is commonly known as cross site scripting
or XSS. Yes the validators are one line of defense against this. For example
if your page is allowing a number to input you should use a
CompareValidator. If you set the CompareValidator's Operator property to:
DataTypeCheck you can then set it's Type property to String, Integer,
Double, etc. For the example I'm giving you would set it to integer and then
nothing but an integer would be able to be submitted to the page. This would
stop an XSS attack.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
 
no. the serverside validation performs two function, support browsers other
than IE (or ir has scripting turned off), and allow validation where
serverside code must be run to perform the validation.

-- bruce (sqlwork.com)
 
Back
Top