Matthew McKay wrote:
> On Mon, Jun 1, 2009 at 2:43 PM, James Ausmus
> <james.ausmus.li...@gmail.com> wrote:
> 
>> On Mon, Jun 1, 2009 at 12:32 PM, Matthew McKay <m...@mattmckay.org> wrote:
>>> It would be much simpler and cleaner to use Javascript to modify the form's
>>> action attribute onClick.
>>>
>> Not really. What about clients who don't have Javascript installed?
>> What about users who want to either do something nefarious or just to
>> see what happens,  - exposing your "Delete my record"-specific PHP
>> code could potentially cause security holes. The less of your internal
>> interface/structure you expose to the end user, the less easy it is
>> for the casual script kiddies to find the security holes that you have
>> (and yes, everyone has them... ;)  )
>>
>> -James
>>
> 
> How is passing parameters to a 'delete' action different than passing
> 'delete' as a parameter to a general purpose action?
> You do have a point with not all clients having Javascript. It would be a
> business decision on the part of Shawn if he wants to support the fraction
> of users running browsers without support for the most basic of extensions.
> 

I'm not the OP, just a commenter.  It would be Angus's decision. :-)

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
