Documents/links on preventing HTML form fiddling?
Posted by larryq on Stack Overflow
Published on 2010-04-30T15:39:58Z
Hi everyone,
I'm using ASP.NET but my question is a little more general than that. I'm interested in reading about strategies to prevent users from fooling with their HTML form values and links in an attempt to update records that don't belong to them.
For instance, if my application dealt with used cars and had links to add/remove inventory, which included as part of the URL the userid, what can I do to intercept attempts to munge the link and put someone else's ID in there? In this limited instance I can always run a check at the server to ensure that userid XYZ actually has rights to car ABC, but I was curious what other strategies are out there to keep the clever at bay. (Doing a checksum of the page, perhaps? Not sure.)
Thanks for your input.
© Stack Overflow or respective owner
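The two ideas raised in the question, a server-side rights check and a checksum over the link, sketched together as an added example that is not part of the original post. It is written in Python rather than ASP.NET because the question is framework-neutral. The record ids, user ids and every function name here are hypothetical, and the inventory table is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: which user owns which car record.
CAR_OWNER = {"car-abc": "user-xyz", "car-def": "user-other"}

# Server-side secret (assumption: generated per process for this demo;
# a deployment would load a persistent key from its secret store).
LINK_KEY = secrets.token_bytes(32)


def sign_link(session_user: str, action: str, car_id: str) -> str:
    """Return an HMAC tag binding the action and record to the logged-in user."""
    # NUL separators keep ("ab", "c") and ("a", "bc") from colliding.
    msg = "\x00".join((session_user, action, car_id)).encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def build_link(session_user: str, action: str, car_id: str) -> str:
    """Build the URL; it carries no user id at all, so there is none to edit."""
    tag = sign_link(session_user, action, car_id)
    return f"/inventory/{action}?car={car_id}&tag={tag}"


def authorize(session_user: str, action: str, car_id: str, tag: str) -> str:
    """Decide a request using the session identity, never a URL-supplied one."""
    expected = sign_link(session_user, action, car_id)
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "rejected: link was altered or issued to another user"
    # The tag is only tamper evidence; the ownership check is the real control.
    if CAR_OWNER.get(car_id) != session_user:
        return "rejected: record does not belong to this user"
    return "allowed"
```

The signed tag only shows that a link was changed after the server issued it. The ownership lookup against the session user is what stops a request for someone else's record, so it stays in place even when the tag verifies.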