I was just browing around online and found a thread on asp.net’s forum talking about disabling a textbox for security reasons.
Now, I’m always anal when it comes to security, double checking everything sever side and never assuming the page generated on the clientside will be the way I intended it on the way back.
For those who have ever thought of doing this as a quick solution, I’m sorry, but you’re wrong. All disabling controls do is create a friendly user interface where a user knows ahead of time they can’t edit it.
In any browser, such as firefox, with firebug, you can just back the code and reenable it and then alter the text and submit the form. if you failed to double check for changed and access rights, the person will have just hacked your site. Something any kid can do! So don’t do it! Use it only to make your site more friendly AND NOT for security reasons.
First blog I read after wakeup from sleep today!
________________________
Proven! How to cure Acne Naturally.Email to mike.wilson80@ymail.com for more information.
Comment by Mike — March 4, 2009 @ 7:42 am