
Is there a security reason to validate a textbox input if you are limiting the max length of the input?

Tags: c#, asp.net

Since I'm new to coding and I'm trying to understand why, here is a little more detail on the question.

If you have a text box and you are limiting the input to, say, 2 characters, do you really need to validate the input further?

What I have is a text box that has a max length of 2. Is there a security reason to add a validator to the textbox? I should add this is in ASP.NET.

Andy J asked Dec 01 '22 04:12


2 Answers

Yes, you must still check. Setting the MaxLength property only sets the MaxLength attribute on the input element; a user can simply remove that value in the HTML source they are getting, or 'hack' it via any of many tools available.

Your server still needs to make sure it's only 2 characters, with server-side validation.

Andrew Barber answered Dec 03 '22 16:12


Are you talking about server-side validation of the input? If so, then you should validate because anyone can build an HTTP POST request without passing through a browser, in which case there is no 2 character limit.

However, the security validation just depends on what you're going to accomplish with the given input. If you're constructing a database query, sending an e-mail or other such thing using the input, then you should always validate, independently of input length.

André Caron answered Dec 03 '22 17:12
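
A server-side check of the kind both answers call for, as an added example that is not part of either answer. It assumes the field is meant to hold a two-letter code (a hypothetical rule); `TwoCharField` and the sample values are constructed for illustration. The posted value is checked against an allowlist on the server, whatever MaxLength the textbox declared.

```csharp
using System;
using System.Text.RegularExpressions;

static class TwoCharField
{
    // Allowlist: exactly two ASCII letters. \A and \z anchor the whole
    // string ($ would also accept a value with a trailing newline).
    private static readonly Regex Pattern = new Regex(@"\A[A-Za-z]{2}\z");

    // Returns true and the normalized value only when the posted value
    // matches the allowlist; the client-side MaxLength is never trusted.
    public static bool TryParse(string posted, out string value)
    {
        value = null;
        if (posted == null || !Pattern.IsMatch(posted))
            return false;
        value = posted.ToUpperInvariant();
        return true;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values, as they could arrive in a POST body
        // built without a browser. Note that a value can be exactly two
        // characters long and still not be something the field should accept.
        string[] posted = { "NY", "ny", "N", "NYC", "'-", "<b", "NY\n", null };

        foreach (var p in posted)
        {
            bool ok = TwoCharField.TryParse(p, out var v);
            string shown = p == null ? "(null)" : p.Replace("\n", "\\n");
            Console.WriteLine("{0,-8} -> {1}", shown,
                ok ? "accepted as " + v : "rejected");
        }
    }
}
```

In a Web Forms page the same check belongs in the postback handler, before the value reaches a query or an e-mail; a parameterized query is still needed when the value goes to a database.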