I have the need to return some data back to the server when a Submit button
is pressed on a web page. However I dont want anybody to know about the
mechanism for sending the data back, becase it could be open to abuse. For
example, if I do some javascript on the submit button, which gets this
"seceret" information and munges it onto the Action property of a Form tag,
anyone with a basic understanding of javascript would be able to work out
how to spoof my site.
While the user is viewing a certain web page, they click certain things and
this is to be tracked and returned to the server. However this is a kind of
betting site, and it is important I circumvent any abilities to cheat.
Seeing how data is submitted would be one way people could learn to cheat.
One idea I had was to include a flash object, and talk to the flash object.
Then when submit is invoked, get the data out and send. But this idea fails
because at the submit point, I still have to get the data out and munge it
for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem? 5 1314
Hi,
On client side, you can hide nothing if you use html or javascript.
So you can write activeX or winform'dll ,and then embed them to web page by
<object....>.
Use thses objects to communicate with server directly without submitting the
page.
--
Juno
MCSD.NET, MCDBA, MCSE
----------------------------------------------------------
Support Team of EasyDotNet, INC. http://www.EasyDotNet.com
DataForm.NET - The most powerful data entry web server control for ASP.NET
"Nick" <fr**@here.com> wrote in message
news:uj**************@TK2MSFTNGP12.phx.gbl... I have the need to return some data back to the server when a Submit
button is pressed on a web page. However I dont want anybody to know about the mechanism for sending the data back, becase it could be open to abuse.
For example, if I do some javascript on the submit button, which gets this "seceret" information and munges it onto the Action property of a Form
tag, anyone with a basic understanding of javascript would be able to work out how to spoof my site.
While the user is viewing a certain web page, they click certain things
and this is to be tracked and returned to the server. However this is a kind
of betting site, and it is important I circumvent any abilities to cheat. Seeing how data is submitted would be one way people could learn to cheat. One idea I had was to include a flash object, and talk to the flash
object. Then when submit is invoked, get the data out and send. But this idea
fails because at the submit point, I still have to get the data out and munge it for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem?
Juno thanks...I hadnt thought of using a winform dll - does this mean I can
somehow get the winform dll loaded clientside automatically?
"Juno" <su*****@easydotnet.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl... Hi,
On client side, you can hide nothing if you use html or javascript. So you can write activeX or winform'dll ,and then embed them to web page
by <object....>. Use thses objects to communicate with server directly without submitting
the page. -- Juno MCSD.NET, MCDBA, MCSE ---------------------------------------------------------- Support Team of EasyDotNet, INC. http://www.EasyDotNet.com DataForm.NET - The most powerful data entry web server control for ASP.NET "Nick" <fr**@here.com> wrote in message news:uj**************@TK2MSFTNGP12.phx.gbl... I have the need to return some data back to the server when a Submit button is pressed on a web page. However I dont want anybody to know about the mechanism for sending the data back, becase it could be open to abuse. For example, if I do some javascript on the submit button, which gets this "seceret" information and munges it onto the Action property of a Form tag, anyone with a basic understanding of javascript would be able to work
out how to spoof my site.
While the user is viewing a certain web page, they click certain things and this is to be tracked and returned to the server. However this is a
kind of betting site, and it is important I circumvent any abilities to cheat. Seeing how data is submitted would be one way people could learn to
cheat. One idea I had was to include a flash object, and talk to the flash object. Then when submit is invoked, get the data out and send. But this idea fails because at the submit point, I still have to get the data out and munge
it for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem?
Of course, every client would have to have .NET installed to use a
winform.dll... And even if they do, they could use a decomipler and still
find out what is going on. The same goes for flash or virtually any other
client side solution. It is best to figure a method to keep opperations on
the server side if at all possible.
You said it was a betting type site, if their is money involved, you could
open yourself to problems if you depend on the client side for anything.
--
Rocky Moore www.HintsAndTips.com / Share your tips - Earn rewards www.MyQuickPoll.com / 2004 Election poll ID #33 www.GotTheAnswerToSpam.com / Block virtually all spam email www.RJSoft.com/Products/RJContentPanel/ - Free web user template content
control!
"Juno" <su*****@easydotnet.com> wrote in message
news:#l**************@tk2msftngp13.phx.gbl... Hi,
On client side, you can hide nothing if you use html or javascript. So you can write activeX or winform'dll ,and then embed them to web page
by <object....>. Use thses objects to communicate with server directly without submitting
the page. -- Juno MCSD.NET, MCDBA, MCSE ---------------------------------------------------------- Support Team of EasyDotNet, INC. http://www.EasyDotNet.com DataForm.NET - The most powerful data entry web server control for ASP.NET "Nick" <fr**@here.com> wrote in message news:uj**************@TK2MSFTNGP12.phx.gbl... I have the need to return some data back to the server when a Submit button is pressed on a web page. However I dont want anybody to know about the mechanism for sending the data back, becase it could be open to abuse. For example, if I do some javascript on the submit button, which gets this "seceret" information and munges it onto the Action property of a Form tag, anyone with a basic understanding of javascript would be able to work
out how to spoof my site.
While the user is viewing a certain web page, they click certain things and this is to be tracked and returned to the server. However this is a
kind of betting site, and it is important I circumvent any abilities to cheat. Seeing how data is submitted would be one way people could learn to
cheat. One idea I had was to include a flash object, and talk to the flash object. Then when submit is invoked, get the data out and send. But this idea fails because at the submit point, I still have to get the data out and munge
it for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem?
If you only concern about the idea of spoofing, maybe use https with an
ActiveX component will do the job.
From my understanding using https alone will greatly increase the trouble
for someone to spoof on your website.
"Nick" <fr**@here.com> ¦b¶l¥ó news:uj**************@TK2MSFTNGP12.phx.gbl ¤¤
¼¶¼g... I have the need to return some data back to the server when a Submit
button is pressed on a web page. However I dont want anybody to know about the mechanism for sending the data back, becase it could be open to abuse.
For example, if I do some javascript on the submit button, which gets this "seceret" information and munges it onto the Action property of a Form
tag, anyone with a basic understanding of javascript would be able to work out how to spoof my site.
While the user is viewing a certain web page, they click certain things
and this is to be tracked and returned to the server. However this is a kind
of betting site, and it is important I circumvent any abilities to cheat. Seeing how data is submitted would be one way people could learn to cheat. One idea I had was to include a flash object, and talk to the flash
object. Then when submit is invoked, get the data out and send. But this idea
fails because at the submit point, I still have to get the data out and munge it for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem?
"Rocky Moore" <gR*********@hintsandtips.com> wrote in message
news:eC**************@TK2MSFTNGP10.phx.gbl... Of course, every client would have to have .NET installed to use a winform.dll... And even if they do, they could use a decomipler and still find out what is going on. The same goes for flash or virtually any other client side solution. It is best to figure a method to keep opperations
on the server side if at all possible.
Didnt realise you can decompile flash if it is a swf file?
You said it was a betting type site, if their is money involved, you could open yourself to problems if you depend on the client side for anything.
A colleague has mentioned using a Java applet for the main security related
aspects. Could be a better idea.
-- Rocky Moore www.HintsAndTips.com / Share your tips - Earn rewards www.MyQuickPoll.com / 2004 Election poll ID #33 www.GotTheAnswerToSpam.com / Block virtually all spam email www.RJSoft.com/Products/RJContentPanel/ - Free web user template content control!
"Juno" <su*****@easydotnet.com> wrote in message news:#l**************@tk2msftngp13.phx.gbl... Hi,
On client side, you can hide nothing if you use html or javascript. So you can write activeX or winform'dll ,and then embed them to web page by <object....>. Use thses objects to communicate with server directly without submitting the page. -- Juno MCSD.NET, MCDBA, MCSE ---------------------------------------------------------- Support Team of EasyDotNet, INC. http://www.EasyDotNet.com DataForm.NET - The most powerful data entry web server control for
ASP.NET
"Nick" <fr**@here.com> wrote in message news:uj**************@TK2MSFTNGP12.phx.gbl... I have the need to return some data back to the server when a Submit button is pressed on a web page. However I dont want anybody to know about
the mechanism for sending the data back, becase it could be open to abuse. For example, if I do some javascript on the submit button, which gets this "seceret" information and munges it onto the Action property of a Form tag, anyone with a basic understanding of javascript would be able to work out how to spoof my site.
While the user is viewing a certain web page, they click certain
things and this is to be tracked and returned to the server. However this is a
kind of betting site, and it is important I circumvent any abilities to cheat. Seeing how data is submitted would be one way people could learn to cheat. One idea I had was to include a flash object, and talk to the flash
object. Then when submit is invoked, get the data out and send. But this idea fails because at the submit point, I still have to get the data out and
munge it for sending, which is no different from above really.
Does anyone have any idea on how I could solve this problem?
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Lars Plessmann |
last post by:
Problem: I try to store data in a objects field and read it out again.
Sounds easy, yeah. But its a bit tricky here.... ;-)
This is the class Customer.php with some setter and getter functions...
|
by: dracolytch |
last post by:
Good day all,
Ok, I have a pretty tricky problem that I need some help with.
I pass around search query information a fair amount (specifically
WHERE statements). Normally, I just rawurlencode()...
|
by: Bung |
last post by:
Hi,
I have a tricky sql statment I have to write (tricky for me) and I am
stuck. I'm having trouble with the following problem.
Table1 (Column a, Column b, Column c)
Table2 (Column a, Column...
|
by: PyPK |
last post by:
What possible tricky areas/questions could be asked in Python based
Technical Interviews?
|
by: Danny |
last post by:
Hi there
I need help with a tricky problem.
I have a 2 dimensional array with qualities such as
ball size, ball color, ball weight.
Now I have to print out all the possible combinations of...
|
by: Steve Jorgensen |
last post by:
== On Error Resume next, and Err.Number ==
If you want to call one of your procedures from another procedure, and check
for errors afterward, you mayimagine that you should write code something...
|
by: pras.vaidya |
last post by:
Hi , below given question was asked to me during an interview and i
figured it out little tricky . It would be a great help if anyone
could solve it.
Code : -
main()
{
char...
|
by: pruebauno |
last post by:
I am currently working on a tricky problem at work. I googled around a
bit, but "time intervals" did not come up with anything useful.
Although I have some rough idea of how I could solve it, I...
|
by: MorrganMail |
last post by:
Or at least I find it tricky. :-)
Assume we have three tables A, B and C. Table A contains a path and the
distance for traveling that path:
A (PathId, NodeId, Dist (from previous node))
1, 1,...
|
by: Osiris |
last post by:
Just something I would like to share:
I just learned the hard way (2 days detective work on a bug) that foreach
loops are not at all like for loops, not intuitive at all. BEWARE: arrays
and...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |