Is it possible to change values on the screen and send to the server?

Question

Is it possible to change values on the screen and send to the server?

Asked 7 years, 4 months ago

Viewed 89 times

0

I work in an Asp.Net application where some values like order price and products are collected from the form. The final order total is made over the sums of the values that come from the form, from the property text/value.

My doubt is that if some system user can for example change these values in HTML that he has access through the browser and send divergent values for processing.

Put at least a small part of the form. Although the answer will probably be positive.

– Thiago Santos

2017/02/07 at 19:06
3

Yes it is possible! this total is 'illustrative' for the user, at the time of closing the order display the values calculated from the server side then 'ask' for the user the price and quantity of that order match what you chose? you will not close the total based on the calculation of the client side, you will get the id of the products make a query and add/cash the values on the side server.

– rray

2017/02/07 at 19:07
Dude I didn’t post code because and one more doubt concept technique and there is a problem with my code itself but I will try to arrange something illustrative.

– Jhonatan Jorge de Lima

2017/02/07 at 19:11
got it, so in case if I’m picking up the screen value the guy can put the order value as 1 real and pay only 1 real for it, in case I don’t validate on the server side?

– Jhonatan Jorge de Lima

2017/02/07 at 19:11
2

What you are picking up from inputs the user can handle yes with code inspection tools, even if you are Readonly.

– user26552

2017/02/07 at 19:38
but in this case the values are in Abels

– Jhonatan Jorge de Lima

2017/02/07 at 19:40
Now I can’t remember if the label will be submitted in Asp.Net. In this case you should edit the question and specify that you are talking about Label, because it changes quite the context of the answer.

– user26552

2017/02/07 at 19:53
That question might help: Using client validation is sufficient?

– Felipe Paetzold

2017/02/07 at 19:54

Show 3 more comments

1 answer

Browser other questions tagged asp.net security-guard

You are not signed in. Login or sign up in order to post.

by Lucas Kauer • **717** points · Answer 1 · 2017-02-07T19:50:01+00:00

If your doubt is more conceptual, the answer will be yes, the user can change the price values of the orders and/or products and/or the total in HTML. Therefore, it is recommended to always do the validations both on the client side and on the server side.

Updated

At this link you will find the dangers of validation only on the client side.