用户可以编辑隐藏字段吗? [英] Can hidden fields be edited by the user?

问题描述

添加安全问题，以便用户在超过最大尝试次数时可以重置密码.将这些隐藏字段用于身份验证机制是否不好?

adding in security questions so that users may reset their passwords if they exceed maximum attempts. is it bad to do hidden fields such as these for authentication mechanism?

<input type="hidden" name="securityAnswered" value=true>
<input type="hidden" name="exceededAttempts" value=true>

用户可以从客户端进入并编辑这些隐藏字段吗?

could a user go in and edit these hidden fields from the client side?

推荐答案

用户能否从客户端进入并编辑这些隐藏字段?

could a user go in and edit these hidden fields from the client side?

当然！客户端上的任何内容都可以编辑.您无法阻止用户这样做.

Of course! Anything on the client side can be edited. You cannot stop users from doing that.

您必须记住，客户端可以随时向服务器发布任何内容.

You have to keep in mind that the client can post to the server any content, any time.

这篇关于用户可以编辑隐藏字段吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！