Home/ Questions/Q 6342217
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T20:11:58+00:00

What is the best way to prevent a standard ASP.NET form from submitting certain

  • 0

What is the best way to prevent a standard ASP.NET form from submitting certain fields in the onsubmit event? Specifically, I have a registration page where I first validate the fields (RequiredFieldValidator) and then submit the form. However I would like to only submit the password hash from a hidden field, without the actual plain text password field.

I could override the default onsubmit function to nullify the fields before submitting, but then I won’t be able to validate the password. What is the best way to handle the situation?

I am writing in C# on ASP.NET 3.5.

Thank you.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could keep the plain text inputs outside of the <form> or remove them with javascript right before submitting the form or just ignore those fields on the server when handling the post.

    As for hashing the password client-side, check out this answer

    The only (currently practical) way to protect against login
    interception (packet sniffing) during login is by using a
    certificate-based encryption scheme (e.g. SSL) or a proven & tested
    challenge-response scheme (e.g. the Diffie-Hellman-based SRP). Any
    other method can be easily circumvented by an eavesdropping attacker.
    On that note: hashing the password client-side (e.g. with Javascript)
    is useless unless it is combined with one of the above – ie. either
    securing the line with strong encryption or using a tried-and-tested
    challenge-response mechanism (if you don’t know what that is, just
    know that it is one of the most difficult to prove, most difficult to
    design, and most difficult to implement concepts in digital security).
    Hashing the password is effective against password disclosure, but not
    against replay attacks, Man-In-The-Middle attacks / hijackings, or
    brute-force attacks (since we are handing the attacker both username,
    salt and hashed password).

    • 0