I have added a Captcha control to the Layout Template of the Login control and it works fine. Is the following code needed to validate on the server-side in case a malicious user manages to bypass client validation and submit the form, or would that not be possible?
protected void LoginUser_LoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
{
RadCaptcha RadCaptcha1 = LoginUser.FindControl("RadCaptcha1") as RadCaptcha;
RadCaptcha1.Validate();
if (!RadCaptcha1.IsValid)
{
e.Cancel = true;
}
}
1 Answer, 1 is accepted
0
Hi Daniel,
Shortly, in order to have a secure web site/application it is always recommended to have server-side validation.
Although RadCaptcha is secure enough, we cannot guarantee you that the client-side validation of the form itself cannot be bypassed somehow and finally the form to be submitted without even RadCaptcha validation to be triggered. This is why the server-side validation is offered in first placeāin order to be able to validate the form on the server.
Regards,
Ianko
Telerik
Shortly, in order to have a secure web site/application it is always recommended to have server-side validation.
Although RadCaptcha is secure enough, we cannot guarantee you that the client-side validation of the form itself cannot be bypassed somehow and finally the form to be submitted without even RadCaptcha validation to be triggered. This is why the server-side validation is offered in first placeāin order to be able to validate the form on the server.
Regards,
Ianko
Telerik
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.