Forum Discussion
ASM block requests with modified readonly attribute values
Is there a way to block requests whose form was tampered with on the client side so that the value of a readonly HTML input element was set to a new value?
UPDATE:
We have an input field which has the readonly attribute set if the user is in a specific role; hence it's not editable for him, but for users with a more privileged role it is possible to change that value.
Sadly, there's no further validation in place. We want to save the pain of implementing the missing validation layer for this quite old application. It would be a huge benefit to us if the ASM module is able to validate the readonly attribute values against the corresponding value from the response. In case of a mismatch, the attacker has tampered with the input field and we want the ASM module to generate an error.
Thanks a bunch!
- cjunior (Nacreous)
Hi, yes, it is possible. See the static and dynamic parameter implementations.
Basically, for static parameters you set a list of possible values, and for dynamic parameters you set an extraction to capture that parameter's values.
Regards.
cjunior is suggesting (I believe) to add that readonly variable and only allow it with the value "readonly".
But I'm not sure that is what you want. You want a double check: if readonly=readonly, then the value= can't be changed, right?
If you require that double logic, so that the value of one variable determines something about another variable, then I don't believe that is possible.
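
The check the original question describes, sketched in Python as an added example (not part of the thread and not ASM configuration): record the value each readonly input had in the served page, then compare it with what the client posts back. The field names, sample HTML and function names are hypothetical, and in practice the recorded values would be stored per session.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs

class ReadonlyExtractor(HTMLParser):
    """Collects name -> served value for every <input> that carries readonly."""
    def __init__(self):
        super().__init__()
        self.locked = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # a bare `readonly` attribute arrives as ('readonly', None)
        if tag == "input" and "readonly" in attrs and attrs.get("name"):
            self.locked[attrs["name"]] = attrs.get("value") or ""

def extract_locked(html):
    """Run on the response: which fields were served read-only, and with what value."""
    parser = ReadonlyExtractor()
    parser.feed(html)
    parser.close()
    return parser.locked

def tampered_fields(locked, body):
    """Run on the next form POST: names of locked fields that were altered."""
    submitted = parse_qs(body, keep_blank_values=True)
    # Assumption of this example: a missing or duplicated locked field is also
    # treated as tampering, since browsers submit readonly inputs exactly once.
    return sorted(n for n, served in locked.items() if submitted.get(n, []) != [served])

# Constructed sample responses: the same form as served to two different roles.
RESPONSE_LOW_PRIV = """<form method="post" action="/profile">
<input type="text" name="display_name" value="alice">
<input type="text" name="credit_limit" value="500" readonly>
</form>"""
RESPONSE_HIGH_PRIV = """<form method="post" action="/profile">
<input type="text" name="display_name" value="admin">
<input type="text" name="credit_limit" value="500">
</form>"""

if __name__ == "__main__":
    locked = extract_locked(RESPONSE_LOW_PRIV)
    for body in ("display_name=bob&credit_limit=500",
                 "display_name=bob&credit_limit=99999"):
        bad = tampered_fields(locked, body)
        print(body, "->", "BLOCK " + ",".join(bad) if bad else "allow")
```

Because the set of locked fields is taken from the response itself, the privileged role's page (where the input is not readonly) yields no locked fields and its edits pass.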