I am adding custom attributes server side and then using them for some basic client side logic.
I am then accessing them on post-back on the server as well. Is there a way to prevent client side setAttribute? Attributes be accessed via setAttribute and be over written, right? Can I prevent this?
Thanks, Marty
I am then accessing them on post-back on the server as well. Is there a way to prevent client side setAttribute? Attributes be accessed via setAttribute and be over written, right? Can I prevent this?
Thanks, Marty
7 Answers, 1 is accepted
0
Hello Marty,
Could you elaborate a bit more about the scenario you attempt to achieve? In addition, the setAttribute() client-side method is used when you need to add a certain attribute to the Attributes collection. You could access a certain attribute with the help of the getAttribute() client-side method. Here you could find our help article, describing those and other helpful client-side methods.
Greetings,
Nencho
the Telerik team
Could you elaborate a bit more about the scenario you attempt to achieve? In addition, the setAttribute() client-side method is used when you need to add a certain attribute to the Attributes collection. You could access a certain attribute with the help of the getAttribute() client-side method. Here you could find our help article, describing those and other helpful client-side methods.
Greetings,
Nencho
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
moegal
Top achievements
Rank 1
Rank 1
answered on 25 Oct 2012, 10:29 AM
I am using attributes to help with calculations for pricing and turnaround of products, I just wanted to know if I should use the custom attributes on postback or can they be altered by the client. If so can I prevent this.
I have been reading the docs and I am not clear. It appears that the original custom attributes are not actually changed client side. Can you confirm this?
Marty
I have been reading the docs and I am not clear. It appears that the original custom attributes are not actually changed client side. Can you confirm this?
Marty
0
Hello Marty,
Could you clarify, if your concerns are originated from a security point of view?
If so, you could store the attribute in a hidden field and when a PostBack is fired you could check if the set values are the same.
Please correct me if I had misunderstood your scenario.
Greetings,
Nencho
the Telerik team
Could you clarify, if your concerns are originated from a security point of view?
If so, you could store the attribute in a hidden field and when a PostBack is fired you could check if the set values are the same.
Please correct me if I had misunderstood your scenario.
Greetings,
Nencho
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
moegal
Top achievements
Rank 1
Rank 1
answered on 26 Oct 2012, 02:13 PM
Nencho,
yes a security issue.
I would like to use custom attributes to calculate values for my clients and then use the custom attributes again to enter data into my database. I am only using the attribute and not the calculations.
Marty
yes a security issue.
I would like to use custom attributes to calculate values for my clients and then use the custom attributes again to enter data into my database. I am only using the attribute and not the calculations.
Marty
0
Hi Marty,
In order to demonstrate the approach that I have suggested you - I prepared a sample page.
Please find it attached.
In case your scenario is different - please modify the sample to illustrate it and send the page back to us within a support ticket. With more detailed information on our side we will be able to provide you more precise solution.
Regards,
Nencho
the Telerik team
In order to demonstrate the approach that I have suggested you - I prepared a sample page.
Please find it attached.
In case your scenario is different - please modify the sample to illustrate it and send the page back to us within a support ticket. With more detailed information on our side we will be able to provide you more precise solution.
Regards,
Nencho
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
moegal
Top achievements
Rank 1
Rank 1
answered on 02 Nov 2012, 01:20 PM
Nencho,
thanks for the sample. I am still unclear though. So a client can change the attributes that I would use on post back. but they can change the hidden value as well, right?
but I think I am ok. while I do some client side calculations, i do a recalculation on postback when I recreate each control and that is where I check the attributes, so I think those are secure. I am really only looking at the client selection and then the server version of the attribute.
so I recreate the control and then I do something like:
Marty
thanks for the sample. I am still unclear though. So a client can change the attributes that I would use on post back. but they can change the hidden value as well, right?
but I think I am ok. while I do some client side calculations, i do a recalculation on postback when I recreate each control and that is where I check the attributes, so I think those are secure. I am really only looking at the client selection and then the server version of the attribute.
so I recreate the control and then I do something like:
RadComboBox quantityId = (RadComboBox)Calc.FindControlRecursive(page, "quantityId"); RadComboBoxItem quantityIditem = quantityId.FindItemByValue(quantityId.SelectedValue); RadNumericTextBox lblquantityId = (RadNumericTextBox)Calc.FindControlRecursive(page, "lblquantityId"); lblquantityId.Text = quantityIditem.Attributes["P"]; subtotal += Convert.ToInt64(quantityIditem.Attributes["P"]); turn += Convert.ToInt32(quantityIditem.Attributes["T"]); qty = Convert.ToDecimal(quantityIditem.Attributes["Q"]);Marty
0
Hello moegal,
Indeed, usage of the HiddenField is not the best option in your scenario.
However you can perform as much validation or calculation work as you can on the server, so you are on the right way.
Greetings,
Kalina
the Telerik team
Indeed, usage of the HiddenField is not the best option in your scenario.
However you can perform as much validation or calculation work as you can on the server, so you are on the right way.
Greetings,
Kalina
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.