|
hemant_garg wrote: initially i did by makin another textbox which is not visible in the page and then used compare validator to compare the given value against original value...
This is not a good method. A person who is viewing the source can easily get the value stored in hidden field. I suggest you to do this in server side rather than going for validators. Connect to db and check the password is correct. If not display a message. Don't allow user to complete the process untill both passwords are same
|
|
|
|
|
|
hello hemant,
just try to use the data reader and try to fetch the values from the database then compare the
values like
if (textbox1.text = dr("BLAHBLAH") then
msgbox("Equal")
end if
regards,
koolprasad2003
Be a good listener...Because Opprtunity knoughts softly...N-Joy
|
|
|
|
|
Hi guys, I need a help please
In my asp.net 2 pages, when I disable some controls on page, user can run some javascript code in address bar that enables my disabled controls, that will cause un-needed results
for example
A gridview that lists exams with a checkbox for each exam, when at least one student has launched an exam, I disable its checkbox so that instructor cannot delete it
Now how can I prevent user from running javascript code from address bar to enable that checkbox, then delete exam
|
|
|
|
|
You should NEVER rely on javascript for anything. You CANNOT disable it. Anything that is selected via javascript, MUST be validated on the server side before performing any actions.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
"I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
|
|
|
|
|
Christian Graus wrote: You CANNOT disable it. Anything that is selected via javascript, MUST be validated on the server side before performing any actions.
Then what will be the use of javascript if we are rechecking everything in server before processing ? Or is it possible to identify javascript is supported by the browser or not ? If not supported then validate it on server. What do you say ? Please make me clear
|
|
|
|
|
Navaneeth. wrote: Or is it possible to identify javascript is supported by the browser or not ? If not supported then validate it on server
Thats not the point that was made. The point is that the client (and any javascript methods) cannot be trusted. As was the original question, a user with some javascript know-how can manipulate the form.
The point of javascript is to make things easier for the user, like disabling the check boxes so its obvious they can't use them, rather than waiting for a postback only to be told they did something wrong. Javascript should be used to enhance the users experience of an site/application, but should never be relied upon for security.
|
|
|
|
|
I tend to check data at every boundary of the application.
I check that what the user put into my page is good.
I then check that what the page submitted to ASP.Net is good.
my ASP code then uses my Business Logic Layer which checks that the data it receives is good.
I don't specifically check that the data entering the database is good but i do have rigorous constraints set up on all databases and I make sure that only objects written by my team have direct writeable access to the DB. I also know that those objects have been repeatedly unit tested before they are released.
You can never check data enough in my opinion especially if those data may have been submitted by an external actor beyond your control. eg web user, public webservice, contract developer. This approach may be bordering on the paranoid but it makes applications far more stable especially as the type of checking that occurs at each level is likely to be different and therefore catches a different set of errors that may occur.
Russ
|
|
|
|
|
Hey people, I think you didn't understand me
I have a button - for example - on my web form
In some cases I disable this button by server side code, no problem
Now my question is:
Can any user openning this page execute javascript code from browser's address bar to enable that button??
And if yes, how can I prevent user from doing that??
|
|
|
|
|
We understood you perfectly.
Ahmad Safwat wrote: Can any user openning this page execute javascript code from browser's address bar to enable that button??
Yes.
Ahmad Safwat wrote: And if yes, how can I prevent user from doing that??
You can't, which is the point we were trying to make.
Go ahead and disable the button, but don't make that the only means to stop users doing whatever function is attached to it in the code-behind. You could always set its Visible property instead so it won't even be rendered to the client.
|
|
|
|
|
hi badgrs,
thanx my dear, I already hide controls instead of disabling them, but I thought there may be a better solution that I don't know
I don't want to check user's javascript code, I need to block scripting
I need to prevent users from run any javascript code on my page
Is this possible
because hiding controls sometimes make the page looks bad
thanx again
|
|
|
|
|
Ahmad Safwat wrote: I need to prevent users from run any javascript code on my page
Is this possible
No.
|
|
|
|
|
|
Ahmad Safwat wrote: thanx my dear
Hmm, thats usually a phrase my ganny says to me...
Let me elaborate a bit, no isn't a very explanatory answer:
Ultimately you have no control what-so-ever over the browser. You can (and should) do everything possible to make things easier for the user, but you should never try to stop them doing anything. If they want to screw things up thats their problem, let them do it, just make sure you have sufficient validation in place server-side.
|
|
|
|
|
Hmmmm, thanx my dear
This is really a good advice
thank u
|
|
|
|
|
HI i m using a simple web part application
But when i run that application it show me sqlserver 2005 error
the error is :
An error occurred during the execution of the SQL file 'InstallMembership.sql'. The SQL error number is -2 and the SqlException message is: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding
I am not doing any database maniputation in my page still it show this error.
Any idea please tell me
Thanks in Advance
|
|
|
|
|
|
Prakash_Mishra wrote: Prakash Mishra(Banglore,India)
Prakash Mishra(Banglore,India)
One is Enough.
Regards,
Satips.
|
|
|
|
|
Hello
What is the use of repeating the same question rather than explaining it in a simple way ? I think including me no one understood what is your problem exactly. So please make it clear to get help.
|
|
|
|
|
i am doing an web page application in which i want to populate all the row data
values of the colum or row clicked by user...
As there is no mouseover or mouse click event for GridView in ASP .net wat can i do ....
Please Help......
Thanks
SAJAN A PILLAI
C#.NET Programmer
TELESOFT INDIA PVT LTD...
BANGALORE
|
|
|
|
|
1. You can use DataGrid's ItemDataBound event for this.
At any point you can have the exact cell value by --> e.Item.Cells[x].Text
--------------------------------------------------------------
2. You can also have mouseover or mouse-click events for a DataGrid Row.
if (e.Item.ItemType == ListItemType.Item ||e.Item.ItemType == ListItemType.AlternatingItem)
{
if (e.Item.ItemType == ListItemType.Item)
{
e.Item.Attributes.Add("onmouseover", "JavaScriptFunctionName();");
e.Item.Attributes.Add("onmouseout", "JavaScriptFunctionName();");
}
if (e.Item.ItemType == ListItemType.AlternatingItem)
{
e.Item.Attributes.Add("onmouseover", "JavaScriptFunctionName();");
e.Item.Attributes.Add("onmouseout", "JavaScriptFunctionName();");
}
}
|
|
|
|
|
i want to know how it can be done in gridview control
SAJAN A PILLAI
C#.NET Programmer
TELESOFT INDIA PVT LTD...
BANGALORE
|
|
|
|
|
hello,
i am trying to find out "how to add a simple textbox to a form at runtime and then send its textvalue(whatever written in it) to a datatable made in my dadabase"
is anybody can help me!
thanx in advance!
nitin
|
|
|
|
|
Add a placeholder control where you want to add the textbox
then at run time create the new object of your textbox give it id and then
add that textbox to the placeholder .
now the control is in page you can use that value
Thanks and Regards
Sandeep
If If you look at what you do not have in life, you don't have anything,
If you look at what you have in life, you have everything... "
|
|
|
|
|
Nitin, sandip is right...
However, you can also use "Panels" for the same
protected System.Web.UI.WebControls.Panel Panel1;
... ...
.... ....
TextBox txt =new TextBox();
txt.ID = "textBox1";
Panel1.Controls.Add(txt);
... ...
.... ....
//At any point of time you can read value from this text box
TextBox tempText = new TextBox()
tempText = (TextBox)Panel1.FindControl("textBox1")
string strValue = tempText.Text()
Sreekumar P P
|
|
|
|