HiddenField Value changes via client

I'm using HiddenField in my Asp.net Page and store some value in it. but user can changes it's value via firefox Firebug in client side and ent开发者_Python百科er an invalid value in it. so when user presses the submit button in the web page,invalid data will recieve in server side and invalid data will store in my database. what can I do?

Validate the input on the server side. You should ALWAYS be doing that anyway, never trust users.

So basically whatever method you have in your code behind that handles saving data to the db needs to check all the data its sending first.

Although, nothing can prevent client side hacking, you can make it harder for them to access the data. Store the value in a JavaScript var then write the value to a hidden field onSubmit Even with this method a good developers kit will allow you to change that also, but it is now as obvious as a hidden field.

Another thing about security is add more layers.

• Use encrpytion
• Store the data in your database
• Don't store the values on the client side at all