473,378 Members | 1,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > relying on client-side validation?

Join Bytes to post your question to a community of 473,378 software developers and data experts.

Relying on client-side validation?

Hi

I'm interested to know what peoples opinions are on using the Client-side
Validators in ASP.NET? I use them very heavily but am experiencing the odd
occassion when users have either intentionally or inadvertantly bipassed
them.

Any ideas on how this could happen. I know that a determined hacker can push
data into http context and viewstate. But other than that, would disabling
javascript in the browser allow a user to bipass validation yet still use
the site as normal?

Thanks

Ben
Nov 19 '05 #1
6 1275
Ben:
I rely on client-side validation heavily too, but only as a first step
measure. It's great because it's efficient for my server (no postback) and
responsive for the user (no postback).

But it's easily circumventable. By disabling javascript, by simply using
telnet, by using one of the many plugins for firefox.

You should always put a
Page.Validate()
if Page.IsValid then
...
end if

in your event handlers or wherever else you need to make sure the validation
is run on the server..

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Ben Fidge" <be*******@btopenworld.com> wrote in message
news:ug****************@tk2msftngp13.phx.gbl...
Hi

I'm interested to know what peoples opinions are on using the Client-side
Validators in ASP.NET? I use them very heavily but am experiencing the odd
occassion when users have either intentionally or inadvertantly bipassed
them.

Any ideas on how this could happen. I know that a determined hacker can
push data into http context and viewstate. But other than that, would
disabling javascript in the browser allow a user to bipass validation yet
still use the site as normal?

Thanks

Ben

Nov 19 '05 #2
The built-in validation controls use both client side AND server side
validation by default.
This is to cover the scenarios you mentioned.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"Ben Fidge" <be*******@btopenworld.com> wrote in message
news:ug****************@tk2msftngp13.phx.gbl...
Hi

I'm interested to know what peoples opinions are on using the Client-side
Validators in ASP.NET? I use them very heavily but am experiencing the odd
occassion when users have either intentionally or inadvertantly bipassed
them.

Any ideas on how this could happen. I know that a determined hacker can
push data into http context and viewstate. But other than that, would
disabling javascript in the browser allow a user to bipass validation yet
still use the site as normal?

Thanks

Ben

Nov 19 '05 #3
Karl,

Thanks for the advice. If for example I use your suggestion on the Confirm
button OnClick event on a given page, what's the standard procedure for
delaing with validation errors, or does ASP.NEt handle this automatically?

Ben

"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:OQ**************@TK2MSFTNGP09.phx.gbl...
Ben:
I rely on client-side validation heavily too, but only as a first step
measure. It's great because it's efficient for my server (no postback)
and responsive for the user (no postback).

But it's easily circumventable. By disabling javascript, by simply using
telnet, by using one of the many plugins for firefox.

You should always put a
Page.Validate()
if Page.IsValid then
...
end if

in your event handlers or wherever else you need to make sure the
validation is run on the server..

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Ben Fidge" <be*******@btopenworld.com> wrote in message
news:ug****************@tk2msftngp13.phx.gbl...
Hi

I'm interested to know what peoples opinions are on using the Client-side
Validators in ASP.NET? I use them very heavily but am experiencing the
odd occassion when users have either intentionally or inadvertantly
bipassed them.

Any ideas on how this could happen. I know that a determined hacker can
push data into http context and viewstate. But other than that, would
disabling javascript in the browser allow a user to bipass validation yet
still use the site as normal?

Thanks

Ben


Nov 19 '05 #4
> You should always put a
Page.Validate()
if Page.IsValid then
...
end if
in your event handlers or wherever else you need to make sure the
validation is run on the server..


You shouldn't need to explicitly call Page.Validate unless you need to check
if the page has passed validation in or prior to Page_Load. If it's only
ever needed in your server side controls' event handlers, then Page.IsValid
is sufficient.

-Brock
DevelopMentor
http://staff.develop.com/ballen


Nov 19 '05 #5
Hi Brock,

Thanks for that. What is standard prcoedure for IsValid = false? Does
ASP.NET automatically report to the user that there's a problem using the
client-side validators or do I have to do this manually?

Ben
"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:60**********************@msnews.microsoft.com ...
You should always put a
Page.Validate()
if Page.IsValid then
...
end if
in your event handlers or wherever else you need to make sure the
validation is run on the server..


You shouldn't need to explicitly call Page.Validate unless you need to
check if the page has passed validation in or prior to Page_Load. If it's
only ever needed in your server side controls' event handlers, then
Page.IsValid is sufficient.

-Brock
DevelopMentor
http://staff.develop.com/ballen

Nov 19 '05 #6
If the page fails to validate then the server side validation controls render
as such. At the end of the day it looks just like as if the validation was
done client-side. So, no, there's nothing special to do when you're relying
upon the server side validation. One thing to note is that if there is no
client side validation then things such as the ValidationSummary's ShowMessageBox
won't work as desired.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi Brock,

Thanks for that. What is standard prcoedure for IsValid = false? Does
ASP.NET automatically report to the user that there's a problem using
the client-side validators or do I have to do this manually?

Ben

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:60**********************@msnews.microsoft.com ...
You should always put a
Page.Validate()
if Page.IsValid then
...
end if
in your event handlers or wherever else you need to make sure the
validation is run on the server..

You shouldn't need to explicitly call Page.Validate unless you need
to check if the page has passed validation in or prior to Page_Load.
If it's only ever needed in your server side controls' event
handlers, then Page.IsValid is sufficient.

-Brock
DevelopMentor
http://staff.develop.com/ballen


Nov 19 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

15
2-player game, client and server at localhost
by: Michael Rybak | last post by:
hi, everyone. I'm writing a 2-players game that should support network mode. I'm now testing it on 1 PC since I don't have 2. I directly use sockets, and both client and server do...
Python
2
Runtime client installed ....
by: Raquel | last post by:
How do I know whether the 'runtime client' and the 'application development client' are installed on my machine? When I issue the command "db2licm -l", it gives the following output: Product...
DB2 Database
2
Questions re WITH RETURN TO CLIENT
by: Rhino | last post by:
I am trying to verify that I correctly understand something I saw in the DB2 Information Center. I am running DB2 Personal Edition V8.2.1 on Windows. I came across the following in the Info...
DB2 Database
0
simple client/server problem. server stops responding
by: Harley | last post by:
Hello, I am just learning the tcp/ip functions etc under vb.net so please look over me if this is obviouse. I have been all over looking into any functions that I didn't totaly understand and...
Visual Basic .NET
8
socket -client
by: Ankit Aneja | last post by:
i am doing here some some socket-client work in C# windows service it is working fine for multiple clients now i want to limit these multiple clients to 25 for example i want that when service...
C# / C Sharp
2
imap/c-client integration with php5.1.1
by: J Huntley Palmer | last post by:
I am having a horrific time integrating uw-imap's c-client for imap support in php. The problem is a whole bunch of "Text relocation remains referenced against symbol" errors during linking....
PHP
9
Relying on the behaviour of empty container in conditional statements
by: horizon5 | last post by:
Hi, my collegues and I recently held a coding style review. All of the code we produced is used in house on a commerical project. One of the minor issues I raised was the common idiom of...
Python
0
Client server sockets script
by: khu84 | last post by:
Here is client server very simple code, seems to work with telnet but with with web client code gives blank output. Following is the server code:- <?php function...
PHP
2
client/server program
by: nsaffary | last post by:
hi I hava a client/server program that run correctly when i run it in one computer(local) but when I run client on a one computer and run server run on another, connection does not stablish.(I set...
C / C++
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!