Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Overloading security check on dropdown, is it possible??

Reply
Thread Tools

Overloading security check on dropdown, is it possible??

 
 
Søren M. Olesen
Guest
Posts: n/a
 
      07-06-2006
Hi

I'm trying to populate a dropdown list on a page, with the result from an
AJAX request, however, because my dropdown is runat="server" I get a
security error when posting back my page.
I guess that makes sence since a hacker could attemt to compromise the
webserver this way, however in my situation it's a bit of a problem.....

Is there a way to make the security check my self, so that I can determine
whether the data is OK or not??

TIA

Søren




 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      07-06-2006
Hi,

i guess you are getting an ArgumentException?

you can disable that check by setting EnableEventValidation=false on the
page - but then - you have to thoroughly verify every single postback.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi
>
> I'm trying to populate a dropdown list on a page, with the result from
> an
> AJAX request, however, because my dropdown is runat="server" I get a
> security error when posting back my page.
> I guess that makes sence since a hacker could attemt to compromise the
> webserver this way, however in my situation it's a bit of a
> problem.....
> Is there a way to make the security check my self, so that I can
> determine whether the data is OK or not??
>
> TIA
>
> Søren
>



 
Reply With Quote
 
 
 
 
Søren M. Olesen
Guest
Posts: n/a
 
      07-07-2006

Yeah, I know I can disable the EnableEventValidation, but the I'd have to
check everything myself, I'd prefer to only check the stuff I know could be
changed from JScript....

Regards,

Søren



"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
> Hi,
> i guess you are getting an ArgumentException?
>
> you can disable that check by setting EnableEventValidation=false on the
> page - but then - you have to thoroughly verify every single postback.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi
>>
>> I'm trying to populate a dropdown list on a page, with the result from
>> an
>> AJAX request, however, because my dropdown is runat="server" I get a
>> security error when posting back my page.
>> I guess that makes sence since a hacker could attemt to compromise the
>> webserver this way, however in my situation it's a bit of a
>> problem.....
>> Is there a way to make the security check my self, so that I can
>> determine whether the data is OK or not??
>>
>> TIA
>>
>> Søren
>>

>
>



 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      07-07-2006
I don't think that's gonna work - i haven't tried that though...

but EventValidation is also in code -

check the calls to

ClientScriptManager.RegisterForEventValidate and ValidateEvent.



---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Create a Custom Control that inherits DropDownList and leave off the
> [SupportsEventValidation]
> attribute from the class.
> Use that control rather than DropDownList and you will effectively
> disable event validation for a single control on your page. Everything
> else will function as normal.
>
> "Søren M. Olesen" wrote:
>
>> Yeah, I know I can disable the EnableEventValidation, but the I'd
>> have to check everything myself, I'd prefer to only check the stuff I
>> know could be changed from JScript....
>>
>> Regards,
>>
>> Søren
>>
>> "Dominick Baier [DevelopMentor]"
>> <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed). com...
>>
>>> Hi,
>>> i guess you are getting an ArgumentException?
>>> you can disable that check by setting EnableEventValidation=false on
>>> the page - but then - you have to thoroughly verify every single
>>> postback.
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Hi
>>>>
>>>> I'm trying to populate a dropdown list on a page, with the result
>>>> from
>>>> an
>>>> AJAX request, however, because my dropdown is runat="server" I get
>>>> a
>>>> security error when posting back my page.
>>>> I guess that makes sence since a hacker could attemt to compromise
>>>> the
>>>> webserver this way, however in my situation it's a bit of a
>>>> problem.....
>>>> Is there a way to make the security check my self, so that I can
>>>> determine whether the data is OK or not??
>>>> TIA
>>>>
>>>> Søren
>>>>



 
Reply With Quote
 
Stephen Davies
Guest
Posts: n/a
 
      07-07-2006
Create a Custom Control that inherits DropDownList and leave off the
[SupportsEventValidation]
attribute from the class.

Use that control rather than DropDownList and you will effectively disable
event validation for a single control on your page. Everything else will
function as normal.
--
Regards
Stephen Davies


"Søren M. Olesen" wrote:

>
> Yeah, I know I can disable the EnableEventValidation, but the I'd have to
> check everything myself, I'd prefer to only check the stuff I know could be
> changed from JScript....
>
> Regards,
>
> Søren
>
>
>
> "Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
> wrote in message news:(E-Mail Removed). com...
> > Hi,
> > i guess you are getting an ArgumentException?
> >
> > you can disable that check by setting EnableEventValidation=false on the
> > page - but then - you have to thoroughly verify every single postback.
> >
> > ---------------------------------------
> > Dominick Baier - DevelopMentor
> > http://www.leastprivilege.com
> >
> >> Hi
> >>
> >> I'm trying to populate a dropdown list on a page, with the result from
> >> an
> >> AJAX request, however, because my dropdown is runat="server" I get a
> >> security error when posting back my page.
> >> I guess that makes sence since a hacker could attemt to compromise the
> >> webserver this way, however in my situation it's a bit of a
> >> problem.....
> >> Is there a way to make the security check my self, so that I can
> >> determine whether the data is OK or not??
> >>
> >> TIA
> >>
> >> Søren
> >>

> >
> >

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RE: Overloading __init__ & Function overloading Iyer, Prasad C Python 4 09-30-2005 08:01 PM
Re: Overloading __init__ & Function overloading Fredrik Lundh Python 0 09-30-2005 03:59 PM
Overloading __init__ & Function overloading Iyer, Prasad C Python 3 09-30-2005 02:17 PM
Re: Overloading __init__ & Function overloading Steve Holden Python 0 09-30-2005 01:58 PM
Re: Overloading __init__ & Function overloading Fredrik Lundh Python 0 09-30-2005 01:53 PM



Advertisments