Web Development

 
Question: Encrypt URL to prevent parameter tampering attacks [modified]
SindyatIndy, 8-Feb-07 7:24
Answer: Re: Encrypt URL to prevent parameter tampering attacks
User 9885, 8-Feb-07 21:24
Answer: Re: Encrypt URL to prevent parameter tampering attacks
User 9885, 8-Feb-07 21:28
Answer: Re: Encrypt URL to prevent parameter tampering attacks
badgrs, 8-Feb-07 23:05
Answer: Re: Encrypt URL to prevent parameter tampering attacks
Bradml, 9-Feb-07 2:47
General: Re: Encrypt URL to prevent parameter tampering attacks
SindyatIndy, 9-Feb-07 4:19
Thanks guys for all the responses!

Now that I think about this, it seems the only way to solve this parameter tampering attack problem is to validate all user input.

Using SSL won't help to prevent parameter tampering because in this case the attacker is not someone who tries to intercept the data between the end user and the server. The attacker is a valid user who just tries to gain access to certain data he does not have the right to.

Using URL signing/encryption can work only if ALL the URLs can be built on the server side when the page is rendered.

Anything done in JavaScript, including JavaScript encryption, hashing or an Ajax + WebService call as Badgrs suggested, can be accessed and used by the attacker. A simple test would be putting "javascript:SomePageJavaScript(some_param…)" in the browser's address bar; you can see that the user can run any function that the current page has access to.

Sindy
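
Added example, not part of the original post: a sketch of server-side URL signing with an HMAC bound to the logged-in user, followed by the per-record authorization check that still has to run on every request. The key, the ownership table and all function names are assumptions made up for this illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qsl

# Constructed values for the example: the key never leaves the server.
SERVER_KEY = b"constructed-demo-key-keep-on-server"
# Constructed ownership table: which user may read which order.
ORDER_OWNER = {"1001": "alice", "1002": "bob"}

def _mac(user, path, params):
    # Bind the tag to user and path so a link cannot be reused
    # by another account or replayed against another page.
    msg = "\n".join([user, path, urlencode(sorted(params.items()))])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def build_url(user, path, params):
    """Called while the page is rendered; only the server can make a valid sig."""
    return path + "?" + urlencode(dict(params, sig=_mac(user, path, params)))

def verify_url(user, url):
    """Return the parameters if the signature matches, otherwise None."""
    path, _, query = url.partition("?")
    params = dict(parse_qsl(query, keep_blank_values=True))
    sig = params.pop("sig", "")
    expected = _mac(user, path, params)
    # Constant-time comparison on bytes (str inputs must be ASCII-only).
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return params

def can_view_order(user, order_id):
    """Server-side authorization; also covers URLs the server did not build."""
    return ORDER_OWNER.get(order_id) == user

def handle_request(user, url):
    params = verify_url(user, url)
    if params is None:
        return 400  # a parameter was changed, or the signature is missing
    if not can_view_order(user, params.get("order", "")):
        return 403  # valid signature, but the user has no right to the record
    return 200
```

The signature only detects changes to links the server rendered; the ownership check is what enforces access when a URL is built anywhere else.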
