C#•2y ago
BlueJayBird

Hidden input fields and security concerns

I was reading about the use of hidden input fields, and I came across this post: https://stackoverflow.com/a/59320449/7389293 What are your thoughts on this? On my side, I'm always worried about security. What suggestions and experiences do you have regarding these kinds of fields and security? I attach a screenshot of some hidden fields rendered using Razor on an MVC project.
Stack Overflow
What's the point of having hidden input in HTML? What are common us...
I don't see the benefit of having hidden input? If you set the value of the hidden input why not just use that value at the point where you reference this hidden input? There are reasons for this ...
14 Replies
Unknown User•2y ago
Message Not Public
BlueJayBird•2y ago
Yeah, @Duke, but my question is (and I'm sorry I was not clear about that in my post) if you think it's necessary to encrypt the data like that guy suggests in that post.
Unknown User•2y ago
Message Not Public
BlueJayBird•2y ago
The hidden value, and decrypt it after post.
Unknown User•2y ago
Message Not Public
BlueJayBird•2y ago
All of them. My main question is if it's even worth the effort of adding encryption to those fields. Probably not...
Unknown User•2y ago
Message Not Public
Pobiega•2y ago
Depends on the data in the fields. For example, an HTTP POST/PUT edit might use a hidden field to specify what is being edited. No need to encrypt that, just verify it.
BlueJayBird•2y ago
How do I verify it?
Pobiega•2y ago
Check that the user has the rights to edit the given number. If they use web dev tools to change the number, you don't care. They still have access to editing that thing, so probably they just ruined or replaced their old data.
BlueJayBird•2y ago
Ok, regarding that last point there's something I don't get. I really don't want the user to modify the hidden data using Dev Tools, but I don't know if I should care if he changes anything.
Pobiega•2y ago
As I said, it depends on the data. If it's "you shouldn't edit this, but if you do, it's on you", leave it open. If it's "if you edit this, my program breaks", then encrypt it. But ultimately, you have to remember the backend developer's mantra: "Do not trust the frontend".
BlueJayBird•2y ago
Ok. I understand that. Is encrypting the only solution for this?
Pobiega•2y ago
No, the best way is to never let that data touch the frontend anyways 😛 If you encrypt it clientside, it's not safe.