PerlMonks  

Re: Modifying values in html form

by Biker (Priest)
on Jan 22, 2002 at 19:32 UTC ( [id://140673]=note )

in reply to Modifying values in html form

You must verify that all 'important' values are 'reasonable' when they come up to your .cgi application.
For instance, the price for an article that the visitor is going to buy should not be stored on the client side. Or at least, your .cgi application should not use it. Because a smart(?) client could change it and buy your product for 1 cent. Or for -100 dollars. (Hup! Will you send the money with the product? :-)

Some basic rules of thumb:
- Almost anything provided by the visitor may be stored in the visitor's browser.
- Anything provided by your site cannot be trusted if it's been down to the client. You must verify and check it again. (Like using the price from your database, not from the client browser.)
- If you want to give the visitor some sort of safety, like using a password or such, it will become even more complicated.

Best regards
Biker
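
The server-side check described in the post above, as an added example that is not part of the original reply: the order total is computed from the site's own price list and the submitted `price` field is never read. The `%CATALOG` hash (standing in for the database), the field names `sku`, `qty` and `price`, the `$MAX_QTY` limit and the sample submissions are all constructed assumptions; in a real .cgi script the form hash would be filled from the request parameters.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the site's product database (prices in cents).
my %CATALOG = (
    'sku-1001' => { name => 'Widget', price_cents => 1999 },
    'sku-1002' => { name => 'Gadget', price_cents => 4950 },
);
my $MAX_QTY = 100;    # assumed business limit on a single order line

# Build an order line from submitted form fields.
# Returns (\%order, undef) on success or (undef, $reason) on rejection.
sub build_order {
    my ($form) = @_;

    my $sku = $form->{sku};
    return (undef, 'unknown item')
        unless defined $sku && exists $CATALOG{$sku};

    my $qty = $form->{qty};
    return (undef, 'bad quantity')
        unless defined $qty && $qty =~ /\A[1-9][0-9]{0,2}\z/ && $qty <= $MAX_QTY;

    # The price comes from the server-side catalog only; any 'price'
    # field in the form is never read.
    my $unit = $CATALOG{$sku}{price_cents};
    return ({ sku => $sku, qty => $qty + 0, unit_cents => $unit,
              total_cents => $unit * $qty }, undef);
}

# Constructed submissions: one untouched form and several edited ones.
my @submissions = (
    { sku => 'sku-1001', qty => '2',  price => '19.99' },
    { sku => 'sku-1001', qty => '2',  price => '0.01' },   # hidden field edited
    { sku => 'sku-1002', qty => '1',  price => '-100' },   # negative price
    { sku => 'sku-1002', qty => '-3', price => '49.50' },  # negative quantity
    { sku => 'sku-9999', qty => '1',  price => '1.00' },   # item not in catalog
);

for my $form (@submissions) {
    my ($order, $err) = build_order($form);
    if ($order) {
        printf "%s x%d: charge %.2f (client sent price=%s, ignored)\n",
            $order->{sku}, $order->{qty}, $order->{total_cents} / 100, $form->{price};
    }
    else {
        printf "rejected (%s): sku=%s qty=%s\n", $err, $form->{sku}, $form->{qty};
    }
}
```

The first three submissions are charged the catalog price whatever `price` they carried; the last two are rejected because the quantity or item id fails validation.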
