No you can't. But it isn't the ASP that you have to worry
about,...they never see the ASP since it is all "server-side". The
only thing that loads into the browser is "client-side" script and the
HTML. Your Form and the Hidden Fields are ultimately just HTML (not
ASP).
The form fields that are not "hidden" aren't any big deal since it is
no secret what those are anyway, but the hidden fields can be replaced
with Session Variables which they cannot see. This still doesn't
prevent them from recreating their own form and submitting it, but it
will limit them to only being able to use the normal visible fields
when they do it.
As long as you use content/error checking on the submited data using
server-side code to prevent erroneous data, they aren't going to be
able to do anything with their "custom" form that they wouln't have
done with your original form anyway, so their little deed doesn't hurt
anything.
I've had to do the same as they for legitimate reasons before. I had
to download a patch from a Vendor that used a Form and a ton of
"client-side" javascript that was so full or crap and screwed up that
the page wouln't run right and the Form wouldn't submit properly. The
only way to get my download was to gater the Form's Name, Method, and
Action and find all the Fields, then build my own extremely simple
HTML version of the Form and submit it to get my download. So nothing
was harmed and it was the only way around the worthless pile of crap
code that they had built the page with.
--
Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com
"Klaus Ambrass" <ka*@it.stam.dk> wrote in message
news:Xn*********************@212.88.64.226...
Hi all,
I write applications for my company's intraweb, and recently we've
had some eager users trying to get at some data they shouldn't. The way they
did it was to look at the pages input tags and hidden fields to construct
their own URLs.
Aside from poor design (which is being changed) - how can I scramble
the page, so as the users can't simply use "View Source" from the menu?
Is there a switch or component I can activate/install i ASP, can I
change the ContentType or something else?
It need to not be totally secure, just enough to fend off the
nosiest of my user herd.
--
Klaus Ambrass
IT - Storstrøms Amt
ka*@it.stam.dk