
Tamper-Proofing the Design of HTML Forms

IP.com Disclosure Number: IPCOM000013951D
Original Publication Date: 2000-Dec-01
Included in the Prior Art Database: 2003-Jun-19
Document File: 4 page(s) / 59K

Publishing Venue

IBM


This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 44% of the total text.


Disclosed is a technique to easily detect that the values of one or more hidden HTML fields in a form have been tampered with. The Web, as attractive as it is, has its fair share of limitations. One of the problems with the thin-client paradigm is that, because the HTTP protocol is stateless, so is the client. As a result, developing Web applications that maintain continuity across pages requires extra effort. Several techniques to achieve continuity between web pages have become common practice in the Web development community. One of these techniques is the use of hidden HTML fields to pass key information from one page to the next. For example, in a typical shopping checkout implementation you are likely to find hidden fields to pass key information about the items being purchased from the shopping cart page to the checkout page. The HTML source will look something like the following:

<INPUT NAME="Quantity_hidden" VALUE="1" TYPE=HIDDEN>
<INPUT NAME="Price_hidden" VALUE="49.99" TYPE=HIDDEN>

This information is not visible on the page rendered by the browser; however, it is part of the Document Object Model (DOM) of the page and is available programmatically to any scripts and/or agents that process the page, both on the client and on the server.

Like anything else that is programmable on the client side of a web page, hidden fields can be tampered with before transmission to the server. Malicious users tamper with hidden fields to breach the intended functionality of the web application.

A simple yet popular hacking technique involves the following steps:

1. Save page source to local disk.

2. Change relative URLs to absolute URLs. For example, you would change "<FORM METHOD=post ACTION="/... " to "<FORM METHOD=post ACTION="http://host/ ..." using an editor.

3. Tamper with the values of any hidden fields using an editor. For example, you could change "<INPUT NAME="Price_hidden" VALUE="49.99" TYPE=HIDDEN>" to "<INPUT NAME="Price_hidden" VALUE="1.00" TYPE=HIDDEN>".

4. Open the local file using a browser.

5. Submit the form.

As a result, it is necessary, even though it isn't commonly done, for any server-side scripts that process form submissions to ensure that the hidden fields that they base their processing on haven't been tampered with. One approach would be to re-compute all hidden field values. However, the reason the hidden fields are there in the first place is that it is difficult and in many cases impossible to re-compute their values.


The technique being disclosed can be used to tamper-proof hidden HTML fields in a form. The two key requirements for such a technique would be:

1. It must detect tampering in one or more selected hidden fields.

2. It must be such that it cannot be compromised.

The technique uses a checksum computed using the values of all hidden HTML fields that need to be tamper-proof plus a password set by the developer to...
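
One way to build a server-side check of this kind, as an added example that is not code from the disclosure: HMAC-SHA256 stands in for the keyed checksum, since the disclosure's own computation is not shown in this abbreviated text. The tag is also bound to a session identifier so that a sealed form cannot be replayed in another session. The names SECRET, TAG_FIELD, PROTECTED and the session_id parameter are assumptions.

```python
import hashlib
import hmac
import html

# Assumption: a server-side secret standing in for the developer-set password.
# It is never sent to the browser. Constructed value for the demo.
SECRET = b"constructed-demo-secret"
TAG_FIELD = "Form_tag"                            # hypothetical hidden-field name
PROTECTED = ("Price_hidden", "Quantity_hidden")   # fixed on the server, never read from the form

def _canonical(pairs):
    """Length-prefix every name and value so field boundaries are unambiguous."""
    out = b""
    for name, value in pairs:
        for item in (name, value):
            raw = item.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return out

def seal(fields, session_id):
    """Compute the tag the server emits as one more hidden field."""
    pairs = [("session", session_id)] + [(n, fields[n]) for n in PROTECTED]
    return hmac.new(SECRET, _canonical(pairs), hashlib.sha256).hexdigest()

def verify(submitted, session_id):
    """Return True only if every protected field matches what the server issued."""
    if any(name not in submitted for name in PROTECTED):
        return False                              # a protected field was dropped
    expected = seal(submitted, session_id)
    supplied = submitted.get(TAG_FIELD, "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())

def render_hidden_inputs(fields, session_id):
    """Render the hidden inputs for the page, including the tag."""
    items = dict(fields, **{TAG_FIELD: seal(fields, session_id)})
    return "\n".join(
        f'<INPUT NAME="{html.escape(n)}" VALUE="{html.escape(v)}" TYPE=HIDDEN>'
        for n, v in items.items()
    )

if __name__ == "__main__":
    form = {"Price_hidden": "49.99", "Quantity_hidden": "1"}   # constructed sample
    print(render_hidden_inputs(form, "sess-A"))
    posted = dict(form, **{TAG_FIELD: seal(form, "sess-A")})
    print("untouched:", verify(posted, "sess-A"))
    print("price edited:", verify(dict(posted, Price_hidden="1.00"), "sess-A"))
```

The tag shows only that the protected values were issued by the server for that session; the secret must stay on the server and every form handler must call the check before using the fields.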