Re: Help on validation process?

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thnaks for your link

regard
serge

"S. Justin Gengo" wrote:

> Serge,
>
> Here's a good article on Cross Site Scripting:
>
> http://www.cgisecurity.com/articles/xss-faq.shtml
>
> --
> Sincerely,
>
> S. Justin Gengo, MCP
> Web Developer / Programmer
>
> www.aboutfortunate.com
>
> "Out of chaos comes order."
> Nietzsche
> "serge calderara" <sergecalderara@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:4681F97D-6049-4FC9-AB39-8F6CC9F2ADA0@xxxxxxxxxxxxxxxx
> > Thnaks for your reply
> >
> > Have you heard about those spaming method of hacker which make you feel
> > that
> > your are on your bank home page but in fact its there own in order to
> > collects data or destroy your system....
> >
> > Does this ASP cross check validation on client and server side can prevent
> > from such thing happen ?
> >
> > "S. Justin Gengo" wrote:
> >
> >> Serge,
> >>
> >> All of the .NET validators attempt to validate each control client-side
> >> in
> >> order to save a trip to the server. This is done so that the user
> >> experience
> >> is faster whenever possible. However, no client-side only validation is
> >> secure because the server should never trust what the client is sending
> >> it.
> >> So the data is again validated server side. Validation server side may be
> >> checked by wrapping any code that will be using the input in question
> >> with
> >> something along the lines of:
> >>
> >> If Page.IsValid Then
> >> '---input is valid run code here
> >> End If
> >>
> >> If the code isn't valid the validator's automatically display error
> >> messages. This two tier system allows client machines capable of running
> >> the
> >> validation javascripts better the user experience, but still makes
> >> certain
> >> that input is valid and that browsers without the client-side validation
> >> capabilities still have the same (albeit slower) validation experience.
> >>
> >> --
> >> Sincerely,
> >>
> >> S. Justin Gengo, MCP
> >> Web Developer / Programmer
> >>
> >> www.aboutfortunate.com
> >>
> >> "Out of chaos comes order."
> >> Nietzsche
> >> "serge calderara" <sergecalderara@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> >> message news:F9A1DF47-6720-4C02-B2CE-7C4A5EDEF2E2@xxxxxxxxxxxxxxxx
> >> > Dear all,
> >> >
> >> > I have read that ASP.NET does double user input validation of control
> >> > when
> >> > they are place on the page. Once on teh client side and again from
> >> > server
> >> > side right ?
> >> >
> >> > Could explain how this process is exaclty working ?
> >> >
> >> > regards
> >> > thnaks for your help
> >> > Serge
> >>
> >>
> >>
>
>
>
.

Relevant Pages

  • Re: OpenQM doco in Wiki
    ... By validation I assume that you mean whether or not a field entry is ... Ka band satellite - The Server is here and there is latency. ... business rules being on the client. ... As for the wider internet ie those ...
    (comp.databases.pick)
  • Re: eap-tls and peap-tls
    ... server is doing the internal validation. ... > "configure" option of the authentication method which is selected from ... > machine and user certificates (using peap-tls) does the IAS server ...
    (microsoft.public.internet.radius)
  • Re: OpenQM doco in Wiki
    ... burp because the server has been updated while the client was "away". ... Ka band satellite - The Server is here and there is latency. ... validation when the remote computer first connects. ... As for the wider internet ie those ...
    (comp.databases.pick)
  • Re: form submit
    ... What's expensive is NOT validating on the server, ... validate on the client. ... scripting, for example, we MIGHT use client-side validation. ... If your question is worth asking, ...
    (microsoft.public.scripting.jscript)
  • Re: In domain.company.com "domain" is not technically a child in a single domain 1 DC AD?
    ... I wasn't saying secured updates, ... To do secure updates would require extensive RFC changes and huge changes in the client and server. ... The little validation it does now is entirely based around name and disallows a modification to a name if the old IP address is still responding... ...
    (microsoft.public.windows.server.active_directory)