[Javascript] DevToolbar

[Scott Reynen]

On Feb 15, 2006, at 1:41 PM, Allard Schripsema wrote:

> Is the aspnet viewstate a defence against this kind of  
> pagetampering, or
> does it also simply accept changes? How do other languages protect
> themselves?
> Is there any easy way of protecting the pages against these tools?

The pages don't need protecting.  They are already in the client's  
computer and out of your control.  What you should be protecting is  
the data on your server.  The only place to do that reliably is on  
the server.  It has been possible (even trivial) to submit a form  
with forged origin since before JavaScript existed.

Peace,
Scott