Protecting URL Parameters (1067 Views)
Junior Member
mafifi
Posts: 308
We have a code, see below, that constructs the URL below:

http://www.MySite.com/sub1/sub2/?pyActivity=WorkManager.ShowPortal&UserIdentifier=MyEmail@MyCompany.com
How can I prevent the user/hacker from modifying the [&UserIdentifier=MyEmail@MyCompany.com], as this is the variable that drives the user interface?
Code:


<%
' This function grabs the employee ID from NT
Function GetEmpID
    Dim strNTUser, iPos
    strNTUser = RTrim(Request.ServerVariables("LOGON_USER"))
    iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
    strNTUser = Right(strNTUser, iPos)
    GetEmpID=LCASE(strNTUser)
End Function
%>
<body onload="document.forms[0].submit()">
<form method="post" action="/sub1/sub2/">
    <input name="pyActivity" type="hidden" value="WorkManager.ShowPortal">
    <input name="UserIdentifier" type="hidden" value="<%= GetEmpID %>@MyCompany.com">
    <input type="submit">
</form>
Regards,

Mo
Forum Moderator
AnonJr
Posts: 5768
If it's going to end up on the client side, there really isn't much that can be done to deter tampering. You'd be better off looking at creating solid validation on the server-side.
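The server-side validation suggested above, sketched as an added example that is not code from this thread: it assumes the page receiving the request is a Classic ASP page on the same Windows-authenticated site, so it can re-derive the identity from LOGON_USER and refuse any UserIdentifier that does not match. The names Deny, strSupplied and strExpected are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Same derivation as the sending page in the question: strip the DOMAIN\
' prefix from the Windows-authenticated account name and lower-case it.
Function GetEmpID()
    Dim strNTUser, iPos
    strNTUser = RTrim(Request.ServerVariables("LOGON_USER"))
    iPos = Len(strNTUser) - InStr(1, strNTUser, "\", 1)
    GetEmpID = LCase(Right(strNTUser, iPos))
End Function

' Hypothetical helper: answer with the given status line and stop processing.
Sub Deny(strStatus)
    Response.Status = strStatus
    Response.Write Server.HTMLEncode(strStatus)
    Response.End
End Sub

Dim strSupplied, strExpected

' With anonymous access enabled LOGON_USER is empty, so there is no
' server-side identity to compare against: refuse rather than trust the client.
If Len(GetEmpID()) = 0 Then Deny "403 Forbidden"

' The identity the server itself vouches for (mail domain taken from the question).
strExpected = GetEmpID() & "@mycompany.com"

' Request(...) checks the query string first and then the POST body, so an
' edited URL and an edited hidden field both end up in this comparison.
' A parameter sent more than once arrives comma-joined and fails the match.
strSupplied = Trim(Request("UserIdentifier"))

If StrComp(strSupplied, strExpected, vbTextCompare) <> 0 Then
    Deny "403 Forbidden"
End If

' From here on, use strExpected (never strSupplied) to decide what is shown.
Response.Write "Portal for " & Server.HTMLEncode(strExpected)
%>
```

Once the receiving page derives the identity itself, the UserIdentifier parameter no longer carries any authority and could be dropped from the URL and the form entirely.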
Junior Member
mafifi
Posts: 308
I tried URL re-writing and it did not work either. I am looking to do it in ASP.NET. I will post the code when completed.
Regards,

Mo
 