[thelist] xssi serving up separate css

[Paul Backhouse]

hahaha i see your point!

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Morbus Iff
Sent: 12 October 2001 17:11
To: thelist at lists.evolt.org; thelist at lists.evolt.org
Subject: RE: [thelist] xssi serving up separate css


 > ><tip>Always use server-side validation for form input. It is a trivial
 > >matter to bypass JavaScript validation in order to populate a database
 > >with meaningful code. </tip>
 >
 >I think you mean "meaningless data" here ;)
 >
 >and as meaningless data  - i really don't understand where you're coming
 >from Morbus - how will javascript validation supply you with meaningless
 >data inyour database?

The tip didn't make sense to me.

If we know that:

    - people can bypass javascript validation rather easily

and we can assume that:

    - people could send false "meaningless data" to your
      application, such that a new car could be $1.

then this comment:

    - matter to bypass JavaScript validation in order to
      populate a database with meaningful code.

Doesn't make any sense. Why would someone "bypass Javascript validation" to
"populate your database with meaningful code". That's like saying that I
didn't think you were charging enough money for this car, so I'm bypassing
your javascript to make the car worth $2000 more.


--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus




---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !