Re: CGI.pm and form validation

2001-07-16 Thread Ondrej Par
joni > > -Original Message- > From: Pete Sergeant [mailto:[EMAIL PROTECTED]] > Sent: 13 July 2001 15:43 > To: [EMAIL PROTECTED] > Subject: Re: CGI.pm and form validation > > > > That which I say three times is true: > > Do not trust user input. Do N

RE: CGI.pm and form validation

2001-07-16 Thread PURMONEN, Joni
cks which would help making the form more secure in the server end? joni -Original Message- From: Pete Sergeant [mailto:[EMAIL PROTECTED]] Sent: 13 July 2001 15:43 To: [EMAIL PROTECTED] Subject: Re: CGI.pm and form validation That which I say three times is true: Do not trust user inpu

RE: CGI.pm and form validation

2001-07-13 Thread John Edwards
t: Re: CGI.pm and form validation That which I say three times is true: Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT. As mentioned, users can turn off javascript. You're assuming of course that skr!pT k1DD13s use browsers. It is trivial to build an HTTP r

Re: CGI.pm and form validation

2001-07-13 Thread Pete Sergeant
That which I say three times is true: Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT. As mentioned, users can turn off javascript. You're assuming of course that skr!pT k1DD13s use browsers. It is trivial to build an HTTP request and telnet into the server at port 80.

Re: CGI.pm and form validation

2001-07-13 Thread K.L. Hayes
Hello Jim, I noticed a response telling you to use JavaScript to validate your form input. Personally I browse with my JavaScript turned off to avoid pop-up ads so I don't believe it is a good idea to try to validate information using it. Here is an excerpt from my Sams book that could help you

RE: CGI.pm and form validation

2001-07-13 Thread Brett W. McCoy
On Fri, 13 Jul 2001, John Edwards wrote: > I would do this using Javascript in the form. > > The advantage of this is the form data is validated without the client > having to return the form to the server, which then would have to validate > and return the client the errors. With JS you can

RE: CGI.pm and form validation

2001-07-13 Thread John Edwards
I would do this using Javascript in the form. The advantage of this is the form data is validated without the client having to return the form to the server, which then would have to validate and return the client the errors. With JS you can do it all client-side and only allow the form to be