Hidden Fields

Hidden fields are commonly used to keep state between page requests; however, they often leak sensitive information and are a target for attackers. These fields are often left unchecked by the web application since unaware developers may not understand that they are able to be manipulated and can, therefore, lead to more serious vulnerabilities, as described previously in "Data Validation." If the data within these fields are not required to be passed to the user, then the data should be stored on the server side to minimize possible attack avenues. If hidden fields are absolutely required, then create a strong digest with the hidden field values and a private key or passphrase that is stored on the server. This will allow the data to be validated after it has been posted back to the web application to ensure that the hidden field values have not been manipulated.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment