By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,929 Members | 634 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,929 IT Pros & Developers. It's quick & easy.

Help on validation process?

P: n/a
Dear all,

I have read that ASP.NET does double user input validation of control when
they are place on the page. Once on teh client side and again from server
side right ?

Could explain how this process is exaclty working ?

regards
thnaks for your help
Serge
Dec 14 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Serge,

All of the .NET validators attempt to validate each control client-side in
order to save a trip to the server. This is done so that the user experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running the
validation javascripts better the user experience, but still makes certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
Dear all,

I have read that ASP.NET does double user input validation of control when
they are place on the page. Once on teh client side and again from server
side right ?

Could explain how this process is exaclty working ?

regards
thnaks for your help
Serge

Dec 14 '05 #2

P: n/a
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?

"S. Justin Gengo" wrote:
Serge,

All of the .NET validators attempt to validate each control client-side in
order to save a trip to the server. This is done so that the user experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running the
validation javascripts better the user experience, but still makes certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
Dear all,

I have read that ASP.NET does double user input validation of control when
they are place on the page. Once on teh client side and again from server
side right ?

Could explain how this process is exaclty working ?

regards
thnaks for your help
Serge


Dec 14 '05 #3

P: n/a
Serge,

I assume you are referring to what is commonly known as cross site scripting
or XSS. Yes the validators are one line of defense against this. For example
if your page is allowing a number to input you should use a
CompareValidator. If you set the CompareValidator's Operator property to:
DataTypeCheck you can then set it's Type property to String, Integer,
Double, etc. For the example I'm giving you would set it to integer and then
nothing but an integer would be able to be submitted to the page. This would
stop an XSS attack.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:46**********************************@microsof t.com...
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel
that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?

"S. Justin Gengo" wrote:
Serge,

All of the .NET validators attempt to validate each control client-side
in
order to save a trip to the server. This is done so that the user
experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending
it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question
with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running
the
validation javascripts better the user experience, but still makes
certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
> Dear all,
>
> I have read that ASP.NET does double user input validation of control
> when
> they are place on the page. Once on teh client side and again from
> server
> side right ?
>
> Could explain how this process is exaclty working ?
>
> regards
> thnaks for your help
> Serge


Dec 14 '05 #4

P: n/a
Serge,

Here's a good article on Cross Site Scripting:

http://www.cgisecurity.com/articles/xss-faq.shtml

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:46**********************************@microsof t.com...
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel
that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?

"S. Justin Gengo" wrote:
Serge,

All of the .NET validators attempt to validate each control client-side
in
order to save a trip to the server. This is done so that the user
experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending
it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question
with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running
the
validation javascripts better the user experience, but still makes
certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
> Dear all,
>
> I have read that ASP.NET does double user input validation of control
> when
> they are place on the page. Once on teh client side and again from
> server
> side right ?
>
> Could explain how this process is exaclty working ?
>
> regards
> thnaks for your help
> Serge


Dec 14 '05 #5

P: n/a
no. the serverside validation performs two function, support browsers other
than IE (or ir has scripting turned off), and allow validation where
serverside code must be run to perform the validation.

-- bruce (sqlwork.com)
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:46**********************************@microsof t.com...
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel
that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?

"S. Justin Gengo" wrote:
Serge,

All of the .NET validators attempt to validate each control client-side
in
order to save a trip to the server. This is done so that the user
experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending
it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question
with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running
the
validation javascripts better the user experience, but still makes
certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
> Dear all,
>
> I have read that ASP.NET does double user input validation of control
> when
> they are place on the page. Once on teh client side and again from
> server
> side right ?
>
> Could explain how this process is exaclty working ?
>
> regards
> thnaks for your help
> Serge


Dec 14 '05 #6

P: n/a
Thnaks for your link

regard
serge

"S. Justin Gengo" wrote:
Serge,

Here's a good article on Cross Site Scripting:

http://www.cgisecurity.com/articles/xss-faq.shtml

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:46**********************************@microsof t.com...
Thnaks for your reply

Have you heard about those spaming method of hacker which make you feel
that
your are on your bank home page but in fact its there own in order to
collects data or destroy your system....

Does this ASP cross check validation on client and server side can prevent
from such thing happen ?

"S. Justin Gengo" wrote:
Serge,

All of the .NET validators attempt to validate each control client-side
in
order to save a trip to the server. This is done so that the user
experience
is faster whenever possible. However, no client-side only validation is
secure because the server should never trust what the client is sending
it.
So the data is again validated server side. Validation server side may be
checked by wrapping any code that will be using the input in question
with
something along the lines of:

If Page.IsValid Then
'---input is valid run code here
End If

If the code isn't valid the validator's automatically display error
messages. This two tier system allows client machines capable of running
the
validation javascripts better the user experience, but still makes
certain
that input is valid and that browsers without the client-side validation
capabilities still have the same (albeit slower) validation experience.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"serge calderara" <se************@discussions.microsoft.com> wrote in
message news:F9**********************************@microsof t.com...
> Dear all,
>
> I have read that ASP.NET does double user input validation of control
> when
> they are place on the page. Once on teh client side and again from
> server
> side right ?
>
> Could explain how this process is exaclty working ?
>
> regards
> thnaks for your help
> Serge


Dec 15 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.