[Javascript] DevToolbar
Scott Reynen
scott at randomchaos.com
Wed Feb 15 14:30:20 CST 2006
On Feb 15, 2006, at 1:41 PM, Allard Schripsema wrote:
> Is the aspnet viewstate a defence against this kind of
> pagetampering, or
> does it also simply accept changes? How do other languages protect
> themselves?
> Is there any easy way of protecting the pages against these tools?
The pages don't need protecting. They are already in the client's
computer and out of your control. What you should be protecting is
the data on your server. The only place to do that reliably is on
the server. It has been possible (even trivial) to submit a form
with forged origin since before JavaScript existed.
Peace,
Scott
More information about the Javascript
mailing list