
Can Hidden Fields Be Edited By The User?

adding in security questions so that users may reset their passwords if they exceed maximum attempts. Is it bad to do hidden fields such as these for an authentication mechanism?

Solution 1:

could a user go in and edit these hidden fields from the client side?

Of course! Anything on the client side can be edited. You cannot stop users from doing that.

You have to keep in mind that the client can post to the server any content, any time.

Solution 2:

Yes, of course, anyone can change it by pressing Ctrl+Shift+I.

Solution 3:

Yes, penetration testers do this all the time using intercepting proxies such as Burp or Zap.

https://portswigger.net/burp/proxy.html

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

There are many other ways of modifying such data, including developer tools in the browser.
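
Added example (not part of any answer above): a server-side sketch of how a reset handler can treat posted hidden fields as untrusted. It assumes the hidden fields carry the account name and a failed-attempt counter; every name in it (`SERVER_KEY`, `render_hidden_fields`, `handle_reset`, the field names) is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the form's hidden fields hold the account name and an attempt
# counter. All identifiers here are hypothetical, made up for this example.
SERVER_KEY = secrets.token_bytes(32)   # generated and kept on the server only
MAX_ATTEMPTS = 3
failed_attempts = {}                   # server-side counter, keyed by account


def sign(value: str) -> str:
    """Return an HMAC-SHA256 tag binding the value to the server key."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def render_hidden_fields(account: str) -> dict:
    """Hidden fields the server emits: the value plus its integrity tag."""
    return {"account": account, "account_tag": sign(account)}


def handle_reset(form: dict, answer_ok: bool) -> str:
    """Process a posted form, treating every field as client-controlled."""
    account = form.get("account", "")
    tag = form.get("account_tag", "")
    # Constant-time compare; an edited 'account' no longer matches its tag.
    if not hmac.compare_digest(sign(account).encode(), tag.encode()):
        return "rejected: tampered field"
    # The counter lives on the server, so any posted 'attempts' is ignored.
    if failed_attempts.get(account, 0) >= MAX_ATTEMPTS:
        return "locked"
    if not answer_ok:
        failed_attempts[account] = failed_attempts.get(account, 0) + 1
        return "wrong answer"
    failed_attempts.pop(account, None)
    return "reset allowed"
```

The tag only shows that the server issued that value unchanged; it does not authenticate the person submitting it, so the security answers and the attempt limit are still checked on the server.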
