[thelist] PHP tip
Hassan Schroeder
hassan at webtuitive.com
Tue Feb 4 13:12:12 CST 2003
Rob Whitener wrote:

> ...but I do believe that proofing on the client
> side would make this a valid way to insert information into the database.

"proofing on the client" means that you can count on the malicious
attacker to have JavaScript enabled to run your screen -- which is
not too likely, eh? :-)

Client-side form validation is fine to minimize round trips caused
by user error, but *security* checks should *always* be server-side.

--
Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.