[thelist] xssi serving up separate css
Paul Backhouse
paul.backhouse at 2cs.com
Fri Oct 12 11:20:14 CDT 2001
hahaha i see your point!
-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Morbus Iff
Sent: 12 October 2001 17:11
To: thelist at lists.evolt.org; thelist at lists.evolt.org
Subject: RE: [thelist] xssi serving up separate css
> ><tip>Always use server-side validation for form input. It is a trivial
> >matter to bypass JavaScript validation in order to populate a database
> >with meaningful code. </tip>
>
>I think you mean "meaningless data" here ;)
>
>and as meaningless data - i really don't understand where you're coming
>from Morbus - how will javascript validation supply you with meaningless
>data inyour database?
The tip didn't make sense to me.
If we know that:
- people can bypass javascript validation rather easily
and we can assume that:
- people could send false "meaningless data" to your
application, such that a new car could be $1.
then this comment:
- matter to bypass JavaScript validation in order to
populate a database with meaningful code.
Doesn't make any sense. Why would someone "bypass Javascript validation" to
"populate your database with meaningful code". That's like saying that I
didn't think you were charging enough money for this car, so I'm bypassing
your javascript to make the car worth $2000 more.
--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !
More information about the thelist
mailing list