Although it does hinder casual variable modification, anyone who is knowledgeable enough to attempt such attacks is probably more than capable of sending a valid request if they want. There are many browser plugins that allow for easy editing of forms which makes it hardly any more effort to edit a POST compared to a GET. In my opinion the gains in the slight increase in workload for an attacker do not outweigh the time and effort to implement, maintain and debug the obfuscation.
I believe it is far more important to whitelist and sanitise any inputs, this is where your efforts should be focused. If a hole exists someone can find it no matter how well you conceal the entrance, far better to close the holes.
That said if you want the peace of mind and are willing to expend the time and effort, any increase in security can only be a positive thing.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|