[Javascript] DevToolbar

[Conleyj at kubota-kma.com (James Conley)]

Without heaping more burning coals on your head I would like to say that
everything that everyone else has already said on this topic is true -
the IE developer [or any for that matter] toolbar does not give hackers
or any malicious any new abilities they did not already have. The MS IE
Dev Toolbar is MS's answer to the many toolbars that are already
available. There were and still are other IE toolbars from other vendors
that have similar capabilities. The one from MS is IMO more resilient
and does not crash as often among other things.

I'd like to mention that there is a new version of the IE Developer
Toolbar available - I think it's beta 2 refresh or something. I love it
- it's a great asset to web developers though I understand that the
Firefox developer toolbar is better - but I design for Intranet / IE
only.

James c.


-----Original Message-----
From: javascript-bounces@xxxxxxxxxx
[mailto:javascript-bounces@xxxxxxxxxx] On Behalf Of Allard Schripsema
Sent: Wednesday, February 15, 2006 2:41 PM
To: [JavaScript List]
Subject: [Javascript] DevToolbar

Hi All,
This monday someone in this list alerted me about the Microsoft
DevToolbar.
A great plugin for webdevelopers, similar to firefox tools etc.
But also a great "hacker"-tool as i discovered, testing it out on our
(asp-vb) intranet application.

I can rewrite inputs sothat all validation is "erased", create buttons
executing javascript, etc, causing me to have some questions i want to
share with you:

I wonder if these tools mean the end of javascript as a browserside
validator? What is the point in validating clientside, if you have to
rewrite the code on the server?

Is the aspnet viewstate a defence against this kind of pagetampering, or
does it also simply accept changes? How do other languages protect
themselves?
Is there any easy way of protecting the pages against these tools?

thanks,
Allard Schripsema
www.VisualDigital.com.br