ASP.NET Defending Against Form Hackers
Something I’ve pondered previously: an ASP.NET page is populated with data retrieved from ViewState, is it possible to falsify the ViewState in the POST and trick the server into doing something that it shouldn’t. In other words, a scenario where the original developer is just “trusting” information coming from ViewState. Here’s an example – a […]