Reputation: 1
How to prevent readonly fields data of my form?
My application is a Spring MVC framework based. Using JSP for my form. Some users are modifying read-only fields of form by pressing F12 or by developer tools. How can I stop users from modifying readonly fields of my form? Actually, there are many forms and doing server-side validation by searching from the database at run time for those fields which are readonly in my form is not good for performance and a big task. I have found this issue recently and I want to understand how can I stop users from doing it. Thanks.
Upvotes: 0
Views: 573
Answers (1)
Reputation: 47
Don't rely on the client.
That is, security on the client-side is not security.
Any security checks you do, or assumptions you make, on the client (aka HTML, javascript, etc) are irrelevant, and need to be performed on the server. When the user submits the form, simply disallow any values the user is not authorized to.
- The user can edit the HTML and put a custom input
- On the client side he can edit the submit request
- He can change the value of an existing not-readonly input
Upvotes: 1
Related Questions
- How to Make Spring form as Read Only?
- Make jsp fields readonly based on document creation
- Spring Form Tag - Security Issue
- How to prevent someone from modifying the input form parameters from the Browser in JSP/Servlets
- How to create a JSP custom tag which marks a field readonly?
- javascript send form to spring security validation
- Read only fields in spring-roo or spring-web-mvc
- How to make a Spring form:checkbox to readonly using javascript
- Protect specific fields when binding in Spring
- Make all form fields readonly in MVC