[thelist] xssi serving up separate css
Morbus Iff
morbus at disobey.com
Fri Oct 12 11:10:19 CDT 2001
> ><tip>Always use server-side validation for form input. It is a trivial
> >matter to bypass JavaScript validation in order to populate a database
> >with meaningful code. </tip>
>
>I think you mean "meaningless data" here ;)
>
>and as meaningless data - I really don't understand where you're coming
>from Morbus - how will javascript validation supply you with meaningless
>data in your database?

The tip didn't make sense to me.

If we know that:

- people can bypass javascript validation rather easily

and we can assume that:

- people could send false "meaningless data" to your
  application, such that a new car could be $1.

then this comment:

- matter to bypass JavaScript validation in order to
  populate a database with meaningful code.

Doesn't make any sense. Why would someone "bypass Javascript validation" to
"populate your database with meaningful code"? That's like saying that I
didn't think you were charging enough money for this car, so I'm bypassing
your javascript to make the car worth $2000 more.

--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
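
The server-side check the quoted tip calls for, applied to the $1 car case from the message above. This is an added example, not part of the original post; the catalogue, the field names (sku, qty, price) and the quantity limit are assumptions constructed for illustration.

```javascript
// Constructed catalogue: the server's own record of prices, in cents.
const CATALOG = new Map([
  ["car-001", { name: "New car", priceCents: 2500000 }],
  ["car-002", { name: "Used car", priceCents: 800000 }],
]);

const MAX_QTY = 5; // assumed business limit per order

// Validate a submitted order form on the server. `form` is the request
// body as received: every value in it is controlled by the sender, whether
// or not any JavaScript validation ran in the browser.
function validateOrder(form) {
  const errors = [];

  const sku = String(form.sku ?? "");
  const item = CATALOG.get(sku);
  if (!item) errors.push("unknown sku");

  // Strict integer parse: digits only, so "-1", "1e3", "2.5" and "" fail.
  const qtyText = String(form.qty ?? "");
  const qty = /^[0-9]{1,3}$/.test(qtyText) ? Number(qtyText) : NaN;
  if (!Number.isInteger(qty) || qty < 1 || qty > MAX_QTY) {
    errors.push("bad quantity");
  }

  if (errors.length > 0) return { ok: false, errors };

  // The price always comes from the catalogue, never from the request.
  // A submitted price that disagrees is kept as a tampering signal for
  // logging; it has no effect on what is charged.
  const tampered =
    form.price !== undefined && String(form.price) !== String(item.priceCents);

  return {
    ok: true,
    order: { sku, qty, totalCents: item.priceCents * qty },
    tampered,
  };
}
```
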