Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked

Re: Modiying values in html form

by rnewsham (Curate)
on Nov 03, 2013 at 08:33 UTC ( #1061024=note: print w/replies, xml ) Need Help??

in reply to Re: Modiying values in html form
in thread Modiying values in html form

Although it does hinder casual variable modification, anyone who is knowledgeable enough to attempt such attacks is probably more than capable of sending a valid request if they want. There are many browser plugins that allow for easy editing of forms which makes it hardly any more effort to edit a POST compared to a GET. In my opinion the gains in the slight increase in workload for an attacker do not outweigh the time and effort to implement, maintain and debug the obfuscation.

I believe it is far more important to whitelist and sanitise any inputs, this is where your efforts should be focused. If a hole exists someone can find it no matter how well you conceal the entrance, far better to close the holes.

That said if you want the peace of mind and are willing to expend the time and effort, any increase in security can only be a positive thing.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1061024]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2020-11-27 10:46 GMT
Find Nodes?
    Voting Booth?

    No recent polls found