I have a lot of processes in my project that needs to be further protected. My main Question is: how can I prevent the user to change any values of HTML tags (edit view) such as (email, mobile .. Etc.).
I'm using asp.net coreenter image description here
CodePudding user response:
Unfortunately on the client side this vulnerability will exist. My advice to you is to validate that information that you think is important on the server side to avoid this kind of situation.
CodePudding user response:
The short answer is you can't prevent anything from happening on the client side. The source code is executed on the client so this results in complete control of the client's user.
What you can do is validate the data on the client (And again it can be manipulated by the users) and validate the information again on the server-side (API level). This will make sure that you get the correct form of data and prevent any malicious data entries.
Here are some great resources about validations: