Reputation: 3189
I am a tester of an ASP-based web system.
There's a page which is used by users to purchase items. During the confirmation, I notice that the total payment (the total amount that the user must pay) is stored in a hidden input field, let's say it's USD 10.000. It's very easy for anyone to change this value to 1 or even 0 and complete the payment.
May I know what strategy I should use to overcome this problem? How can the programmer perform this kind of validation?
Upvotes: 0
Views: 62
Reputation: 1143
If it is ASP.NET, the developer can store it in the ViewState or just create a variable to store the data in the code-behind.
If it's classic ASP, then the developer can just pass that variable using Request.Form and post it to the next page to complete the order, or perhaps store the data in a session.
Upvotes: 1
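One server-side way to handle the hidden total described in the question, as an added example that is not part of either post: the server recomputes the amount from its own price data and treats the posted field as untrusted input. The class and method names, the SKU values, the price list and the quantity limit are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

static class Checkout
{
    // Constructed server-side price list; a real system would read this from its database.
    static readonly Dictionary<string, decimal> Prices = new Dictionary<string, decimal>
    {
        { "SKU-100", 4000m },
        { "SKU-200", 2000m },
    };

    // Recompute the total from item ids and quantities only; prices never come from the client.
    public static decimal ComputeTotal(IDictionary<string, int> cart)
    {
        decimal total = 0m;
        foreach (var line in cart)
        {
            if (!Prices.TryGetValue(line.Key, out decimal price))
                throw new ArgumentException("Unknown item: " + line.Key);
            if (line.Value < 1 || line.Value > 100) // assumed per-line quantity limit
                throw new ArgumentException("Invalid quantity for " + line.Key);
            total += price * line.Value;
        }
        return total;
    }

    // Returns the amount to charge and reports whether the posted hidden field disagrees with it.
    public static decimal Confirm(IDictionary<string, int> cart, string postedTotal, out bool tampered)
    {
        decimal serverTotal = ComputeTotal(cart);
        bool parsed = decimal.TryParse(postedTotal, NumberStyles.Number,
                                       CultureInfo.InvariantCulture, out decimal claimed);
        tampered = !parsed || claimed != serverTotal;
        return serverTotal; // always charge the server's figure, never the posted one
    }

    static void Main()
    {
        // Constructed sample: the cart as held server-side (e.g. in Session) and a hidden
        // field whose value was changed to "1" before the form was submitted.
        var cart = new Dictionary<string, int> { { "SKU-100", 2 }, { "SKU-200", 1 } };
        decimal charge = Confirm(cart, "1", out bool tampered);
        Console.WriteLine("Charge: {0}, tampered: {1}", charge, tampered);
    }
}
```

A mismatch between the posted value and the recomputed one is worth logging with the session and account identifiers, since a legitimate browser never alters a hidden field.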