[thelist] xssi serving up separate css
Morbus Iff
morbus at disobey.com
Fri Oct 12 11:13:13 CDT 2001
At 12:06 PM 10/12/01, The Optimizer wrote:
>> ><tip>Always use server-side validation for form input. It is a trivial
>> >matter to bypass JavaScript validation in order to populate a database
>> >with meaningful code. </tip>
>>
>> I think you mean "meaningless data" here ;)
>
>I assume from the emoticon you're joking, but consider the implications of
Ok. I see where I went wrong. I'm reading "trivial matter" in the wrong
sense. This comment makes sense:
"It is a trivial matter [for the developer] to bypass Javascript
validation [with server side validation] in order to populate
a database with meaningful code."
I was instead reading it as:
"It is a trivial matter [for a malicious user] to bypass
Javascript validation in order to populate a database
with meaningful code."
And that's what didn't make sense to me.
--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the thelist
mailing list