How do I make sure that the HTML form elements have not been modified for hacking on the client side before submitting?

I want to know if there is a way to prevent client-side HTML form elements from changing before submitting (the elements that matter, like hidden elements)?

Let's say I have hidden elements. I want their values not to be changed by the user as intended.

Or what are HTML FORM security best practices?

+3
4 answers

No, there is no way to prevent the client from sending randomly processed or incorrect requests. This is not true for web applications, this is true for any application where you do not physically control the client.

. :

  • - ( IP- ), ,
  • , SQL XSS .
  • ( , , / , id " " )
+3

, , , - . , , , , HMAC. - .

+2

, HTML , .

0

I suggest that you try to see for yourself how trivial it is for the user to change what the form represents. The Tamper Data add-on for Firefox is for this purpose.

Hidden fields are only visually hidden; they do not have special protection against modification before sending. Best practice is to check everything that is sent - you cannot say that any client-side check (e.g. JavaScript, field lengths) has been followed.

0
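An added example, not part of any answer above: one way a server can detect modified hidden fields is to attach an HMAC over their values when it renders the form and recompute it on submission. The key, the `_sig` field name, the session identifier and the sample field names are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def _canonical(session_id: str, fields: dict) -> bytes:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    parts = [session_id] + [p for k in sorted(fields) for p in (k, fields[k])]
    return b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)


def sign_hidden_fields(session_id: str, fields: dict) -> str:
    """Tag to embed as one extra hidden field (here named _sig) in the form."""
    mac = hmac.new(SERVER_KEY, _canonical(session_id, fields), hashlib.sha256)
    return mac.hexdigest()


def verify_submission(session_id: str, posted: dict, protected_names: list) -> dict:
    """Return the protected fields if unmodified, otherwise raise ValueError."""
    try:
        fields = {name: posted[name] for name in protected_names}
    except KeyError as missing:
        raise ValueError(f"protected field removed: {missing}") from None
    expected = sign_hidden_fields(session_id, fields)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), posted.get("_sig", "").encode()):
        raise ValueError("hidden fields modified or taken from another session")
    return fields


if __name__ == "__main__":
    # Constructed sample data: what the server rendered for session "sess-A".
    hidden = {"product_id": "42", "price": "19.99"}
    posted = dict(hidden, _sig=sign_hidden_fields("sess-A", hidden), quantity="3")
    print("untouched:", verify_submission("sess-A", posted, list(hidden)))
    posted["price"] = "0.01"  # value changed on the client before submitting
    try:
        verify_submission("sess-A", posted, list(hidden))
    except ValueError as err:
        print("rejected:", err)
```

The tag only detects modification of values the server itself issued; fields the user is meant to fill in (`quantity` here) still need ordinary server-side validation. Values the server already knows are simpler to keep in server-side session state than to round-trip through the form.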

Source: https://habr.com/ru/post/1715230/

