Home/ Questions/Q 6385345
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T02:53:15+00:00

I am using a button to do postback <asp:Button ID=SendButton Enabled=True Width=70 runat=server PostBackUrl='<%#

  • 0

I am using a button to do postback 

 <asp:Button ID="SendButton" Enabled="True" Width="70" runat="server" PostBackUrl='<%# Eval("GroupName", "SendMessage.aspx?GroupName={0}") %>' Text='Send'></asp:Button>

to send the GroupName to SendMessage.aspx page. But I feel it is vulnerable to attack, something like spoofing (correct me if i am wrong).

http://localhost:40092/SurelyK/SendMessage.aspx?GroupName=Acc

The Url contains the groupname which can be changed by attackers
How can I prevent my website from such attack. give me some suggestions pls.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The usual method to protect against this is to validate your inputs on the server side, where malicious clients can’t do anything. If you see an invalid group name on the server, you can just return a page saying so, rather than performing whatever processing you would for a valid group name.

    If you don’t expect the values to change, then you can store the data either in ViewState (which is encrypted) or in the Session (which is stored on the server, and is inaccessible to clients.)

    Given that you have a button for submitting this information, though, I think proper server-side validation is the correct path.

    As well, if you haven’t secured this page by requiring authentication and authorization, then you should of course do so as well, so that only users you know and trust can access the page regardless.

    • 0