RE: Question: Validation on select boxes and lists.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[snip]
>
> How would a hacker pass an HTTP message ?
> That is interesting.

read the off-list posted message from php-list-replies@xxxxxxxxxxxxxxxxxxxxx

(reproduced below for the benefit of other list members)

Graham
------

From: php-list-replies@xxxxxxxxxxxxxxxxxxxxx
[mailto:php-list-replies@xxxxxxxxxxxxxxxxxxxxx]
Sent: 21 October 2004 23:07
To: Graham Cossey; Stuart Felenstein
Subject: RE:  Question: Validation on select boxes and lists.


 you have to remember that the user isn't really "filling in a form on
your site", rather they are "retrieving a page from your site,
storing it on their machine (most times temporarily in their browser)
and then sending it back to your site". if you think of it in the
latter manner you'll realized that while they have it on their
machine, the user can save and edit the form to meet their desires
before sending it back.

as such, *all* data input, (whether from a text area, pulldown,
checkbox, or radio button) should be validated on your side.

an amusing thing to do is to find a site/page that puts prices as the
values on say a pulldown or checkbox. edit these values to something
more to your liking and then submit the form. you could end up being
charged your "price of choice", rather than what the site thought
they were going to charge you.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux