Hacking DropDownList value

Question

I\'ve got a DropDownList and I\'m trying to prevent it from being used as an attack vector. Can I assume that the user is unable to actually change the values of the DDL and

Answer 1

No, you can't assume that.

You should always consider that all input is untrusted, and treat it appropriately (make sure it is what it should be, and that it is of the right type, and that the current user (or whatever) has access to it, and so on).