How to restrict users from removing read-only property from source code in webpage?

How to restrict users from removing read-only property from source code in webpage?

  


As you can see in the screenshot below, we can restrict the user from typing in the input box by changing the Enabled property to “False”


But by View sourcecode in the webpage, the user can delete the read-only property and so the user can type whatever he/she wants in the input box.

This is a serious security issue. How can we avoid such situtation? How to restrict the user from deleting the read-only property from source code? Or is there any possibility of hiding the source code from the user?

Please help me to resolve this issue!


 



If you don't want the user changing a value, then don't use an input field, but use a label or an expression. You can easily put an IF in the screen to switch between an input field or an expression. If you really want the looks of an input field, you could try and achieve that with css so that the text looks like an input field.

You are correct that disabling the input field is a very bad practice.

Hi Ananth.

What I usually do is, if this is to stay disable, I took off the input widget and put an expression in it's place with the return of the attribute that was in the input widget.

With this, no one can break security.


Hope this can help.


Best regards,

Ricardo

Hi Ananth,

If that input field is part of a form or any type or of submitting field on a page where you expect the user to send information to the server, and you really want to keep as a disabled input field (and not changing to an expression), you can do all validations on the Submit Action, checking if said value was changed, etc. 

This way, even if he changes the properties on the source code, he wouldn't be able to do any changes on the server.

Cheers,
André

Hi Ananth,

There are two way to achieve it.

1. Remove the textbox and use expression or label.

2. If you want to textbox there then you need to put the logic on Save/Submit action to save original value not changed value.


My suggestion is remove textbox and expression or label in such cases.

Regards

-SK-

Hi Ananth,

Their are two possible solutions for your problem ->

1. Use an Expression instead of InputBox.

2. Disable "Right click" and "F12" by applying the below mentioned java script.


$(document).keydown(function(event){
    if(event.keyCode==123){
        return false;
    }
    else if (event.ctrlKey && event.shiftKey && event.keyCode==73){        
             return false;
    }
});

$(document).on("contextmenu",function(e){        
   e.preventDefault();
});

Ok people, I'm gonna close the topic, it's clear what the solution is, no need for an endless repeat.