[thelist] JavaScript Pseudo-Security

Richard Bennett richard.bennett at skynet.be
Sun May 26 12:00:01 CDT 2002


Hi
----- Original Message -----
From: "Hershel Robinson" <hershelr at netvision.net.il>

Just remember to do the final logging-in server-side, javascript will never
be really secure.

Don't forget that users can change timer and cookie values from the
Address-bar if they do something like this:

javascript;timerVar=0

//PS: We'll have no smiling nor 'cheers' from you, Bennett. :)
I almost refrained from replying all together this time :o)
oh - sorry...

ch.. err Best Regards,

Richard.





More information about the thelist mailing list