I am using jQuery to disable some form buttons. Simple stuff. But how can I prevent users from editing the DOM and enabling the button themselves so they can work around the restrictions I put in place?
-
1You cannot! You have to use server side logic script as PHPA. Wolff– A. Wolff2013-01-07 16:57:19 +00:00Commented Jan 7, 2013 at 16:57
-
1This question may be of use to you. Keep in mind that the client cannot be trusted to validate its own input to your server.Ryan Stein– Ryan Stein2013-01-07 17:00:36 +00:00Commented Jan 7, 2013 at 17:00
Add a comment
|
4 Answers
You can't. The client is completely under the control of the user.
You can only handle what data you accept when it is submitted to the server.
Use client side code to make things convenient for users. Use server side code to enforce security and other restrictions.
1 Comment
tvb
Thank you. I understand. Thus I need to validate every input in the server-side.
You can't. The DOM is entirely handled by the browser. Once you've sent off the page to the client, it's out of your hands. All you can do is keep track of whether an action is allowed on the server, and allow or disallow it when they try.
Comments
You can't force the user to do anything, neither can you prevent them from doing anything. If you could, spammers would have a field day.
This is why EVERYTHING MUST be validated on the server-side.
answered Jan 7, 2013 at 16:58
Niet the Dark Absol
326k86 gold badges480 silver badges604 bronze badges
Comments
You can't!!! Once the DOM is at the client side you don't have control over it the best way to ensure security is to handle it also via server side.
