[thelist] xssi serving up separate css

Morbus Iff morbus at disobey.com
Fri Oct 12 11:13:13 CDT 2001


At 12:06 PM 10/12/01, The Optimizer wrote:
 >>  ><tip>Always use server-side validation for form input. It is a trivial
 >>  >matter to bypass JavaScript validation in order to populate a database
 >>  >with meaningful code. </tip>
 >>
 >> I think you mean "meaningless data" here ;)
 >
 >I assume from the emoticon you're joking, but consider the implications of

Ok. I see where I went wrong. I'm reading "trivial matter" in the wrong 
sense. This comment makes sense:

   "It is a trivial matter [for the developer] to bypass JavaScript
    validation [with server-side validation] in order to populate
    a database with meaningful code."

I was instead reading it as:

   "It is a trivial matter [for a malicious user] to bypass
    JavaScript validation in order to populate a database
    with meaningful code."

And that's what didn't make sense to me.


--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus






