post back from saved page on the disk

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello All,

I would like to prevent users from posting data through the saved page at
their disk.
Like a web page is saved to their c: drive and user opens it , change/remove
validation code and then submit.

This is not about clicking submit buttuon twice.

Any help on this?
 
check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.
 
check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.

hi,
most firewalls block HTTP_REFERER info so a normal user may not be able to
access your page this way.

If validation is from ASP.NET validation control there is a better way. You
can use Page.Isvalid to perform the validation again in server side.

Could you tell more about your validation code ?

- Oytun YILMAZ
 
asp.net User said:
Hello All,

I would like to prevent users from posting data through the saved
page at their disk.
Like a web page is saved to their c: drive and user opens it ,
change/remove validation code and then submit.

This is not about clicking submit buttuon twice.

Any help on this?

Don't ever rely on client-side validation for web apps. *Always* validate
everything on the server-side again.

Cheers,
 
Anoj said:
check for HTTP_REFERER server variable.
it wont be available if the form was posted from locally
saved file.

That is unpredictable. It takes just one proxy server and voilà -- you get a
Referer header. Never rely on the Referer header.

Cheers,
 
Thanks for reply.

This is not only for validation, "validation" was just an example.

I just want to prevent user from sending data from their saved page.

I am looking for any config setting if available, like for viewstate
ASP.NET has given enableViewStateMac setting.

Thanks
 
suresh_C# said:
Thanks for reply.

This is not only for validation, "validation" was just an example.

I just want to prevent user from sending data from their saved page.

I am looking for any config setting if available, like for viewstate
ASP.NET has given enableViewStateMac setting.

OK -- but what is your motivation to do that? Also, does your application
require authentication or is ti used anonymously?
 
Hi
This is not only for validation, "validation" was just an example.

You should always use the real situation when asking a question, otherwise
people will answer the question you asked rather than the question you
meant. :-)


--
Pete
====
Audio compression components, DIB graphics controls, FastStrings
http://www.droopyeyes.com

Read or write articles on just about anything
http://www.HowToDoThings.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top