How to use variables instead of hiddenfields in jquery

  • Question

  • User1839056048 posted

    Hi all,

    In my application I am using hidden fields for storing values.

    During testing of the application, I found that everyone can change the value of a hidden field in the browser and crack the application.

    So I am thinking of replacing the hidden fields with variables using jQuery.

    Currently I am setting the value of the hidden fields using C# like this

           in the load event


                            hddate.Value = newyear;
                            hfdate.Value = nyear;
                            hdfval.Value = fval;

    Here hddate, hfdate and hdfval are hidden fields.

    My requirement is to declare variables using jQuery,

    like

    var hddate;

    var hfdate;

    var hdfval; 

    How do I set values for these variables in the C# file like above?

    Regards

    Baiju

    Saturday, March 19, 2016 3:54 AM

Answers

  • User-474980206 posted
    It's just as easy to crack variables as hidden fields. Most browser dev tools will allow changing variables, and creating posts, even Ajax posts.

    You should expect the user can modify any post data. If you don't want it modified, you should either not include it in the post data, or encrypt it.
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, March 19, 2016 3:54 PM
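
The point of the answer above is that the server must treat every posted value as user-controlled. The following is an added example, not code from the thread: it signs a hidden-field value with HMAC-SHA256 so the server can detect changes on postback. It signs rather than encrypts, so the value stays readable in the browser; if it must also be secret, ASP.NET's `MachineKey.Protect` encrypts and signs. The `SignedField` class, the token format and the demo key are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the thread: tamper-evident values for hidden fields.
public static class SignedField
{
    // Constructed demo key (assumption): load a random secret from server-side configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse");
    // Token format (assumption): base64(value) + "." + base64(HMAC-SHA256(field name, value)).
    public static string Protect(string field, string value)
    {
        byte[] payload = Encoding.UTF8.GetBytes(value);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Mac(field, payload));
    }
    // Returns false when the posted token is malformed or was changed in the browser.
    public static bool TryUnprotect(string field, string token, out string value)
    {
        value = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, mac;
        try { payload = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(field, payload);
        if (mac.Length != expected.Length) return false;
        int diff = 0;                                   // compare without an early exit
        for (int i = 0; i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return false;
        value = Encoding.UTF8.GetString(payload);
        return true;
    }
    // The field name is part of the MAC input, so a token issued for one field fails in another.
    static byte[] Mac(string field, byte[] payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(field + "\0").Concat(payload).ToArray());
    }

    public static void Main()
    {
        string token = Protect("hddate", "2016");       // Page_Load: hddate.Value = token
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("2099")) + "." + token.Split('.')[1];
        string v;
        Console.WriteLine("original accepted: " + TryUnprotect("hddate", token, out v));
        Console.WriteLine("edited accepted:   " + TryUnprotect("hddate", forged, out v));
        Console.WriteLine("moved to hfdate:   " + TryUnprotect("hfdate", token, out v));
    }
}
```

A valid token can still be replayed by whoever received it, so include a user or session identifier and an expiry in the MAC input when the value must not be reused.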

All replies

  • User-286291038 posted

    Hi Baiju,

    We need to first find out why the hidden fields are used in the first place before we switch to using variables. While your form is posted back to the server, the hidden fields also get posted.

    So if your backend code depends on the hidden field values that get posted back, then just changing the hidden fields to jQuery variables may create some defects.

    However, if you are using Ajax to post only some selected values in the form, then of course you can store the values in variables and then use them wherever you need. But a user who can change the hidden field value should even be able to change the values of the variables if he wants.

    So, basically, we can take the appropriate approach based on your application functionality.

    Saturday, March 19, 2016 4:46 AM
  • User1002530435 posted

    I will assume you are using a .NET application and have an .aspx and C# page.

    In test.aspx, you have the following hidden values:

    <input type="hidden" id="test1"/>
    <input type="hidden" id="test2"/>
    <input type="hidden" id="test3"/>
    <input type="hidden" id="test4"/>

    In jQuery, assign any values you wish inside val(). For example, I have passed different strings:

    $('#test1').val('first value');
    $('#test2').val('Second value');
    $('#test3').val('Third value');
    $('#test4').val('Fourth value');

    So, Test1 value set as 'first value'
    So, Test2 value set as 'second value'
    So, Test3 value set as 'third value'
    So, Test4 value set as 'fourth value'

    Regards

    Ram

    Saturday, March 19, 2016 11:58 AM