Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I want to disable a button if user doesnt have rights to access it. I am
disabling at Page_Load event
Page_Load() {
if(!userhasrights) {
btn.Enabled=false;
}
}
but after rendering asp.net just sets its disabled property to disabled which
a hacker can easily set to ‘true’ & can access the button. How can i
protect my button in disabled mode?
You cannot protect the html state of the button, since users can always modify it.
You should have server-side validation when the button is pressed, and return error/warning to users who are not authorized to click on it. You can still user the disable state for usability.
The other solution is not to generate the button when the users are not authorized to click on it. If you really need to have the disabled button, add an image instead of a button.