PerlMonks
You must verify that all 'important' values are 'reasonable' when they come up to your .cgi application.

For instance, the price for an article that the visitor is going to buy should not be stored on the client side. Or at least, your .cgi application should not use it. Because a smart(?) client could change it and buy your product for 1 cent. Or for -100 dollars. (Hup! Will you send the money with the product? :-)

Some basic rules of thumb:

- Almost anything provided by the visitor may be stored in the visitor's browser.
- Anything provided by your site cannot be trusted if it's been down to the client. You must verify and check it again. (Like using the price from your database, not from the client browser.)
- If you want to give the visitor some sort of safety, like using a password or such, it will become even more complicated.

Best regards
Biker

In reply to Re: Modiying values in html form by Biker
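
An added example, not part of Biker's post: a server-side check that prices an order from the site's own data and treats every submitted field as untrusted. The `price_order` helper, the field names `sku`, `qty` and `price_cents`, the catalogue hash standing in for the database, and the quantity limit are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed catalogue standing in for the site's database (prices in cents).
my %CATALOGUE = (
    'A100' => { name => 'Widget', price_cents => 1999 },
    'B200' => { name => 'Gadget', price_cents => 4950 },
);
my $MAX_QTY = 100;    # assumed business limit

# Hypothetical helper: build an order line from decoded form fields.
# Returns ($order, $error); exactly one of the two is defined.
sub price_order {
    my (%form) = @_;

    my $sku = defined $form{sku} ? $form{sku} : '';
    return (undef, 'unknown article') unless exists $CATALOGUE{$sku};

    # Digits only, so "-5", "1e3" and "2.5" are rejected before any arithmetic.
    my $qty = defined $form{qty} ? $form{qty} : '';
    return (undef, 'bad quantity')
        unless $qty =~ /\A[0-9]{1,3}\z/ && $qty >= 1 && $qty <= $MAX_QTY;

    my $unit = $CATALOGUE{$sku}{price_cents};    # price comes from the server side only

    # A client-supplied price is never used; a mismatch is only flagged for logging.
    my $tampered = 0;
    if (defined $form{price_cents}) {
        $tampered = 1
            unless $form{price_cents} =~ /\A[0-9]+\z/ && $form{price_cents} == $unit;
    }

    return ({ sku => $sku, qty => $qty + 0, unit_cents => $unit,
              total_cents => $unit * $qty, tampered => $tampered }, undef);
}

# Constructed submissions: honest, price changed to 1 cent, negative quantity.
for my $form (
    { sku => 'A100', qty => '2',  price_cents => '1999' },
    { sku => 'A100', qty => '2',  price_cents => '1' },
    { sku => 'B200', qty => '-1', price_cents => '4950' },
) {
    my ($order, $err) = price_order(%$form);
    if ($err) { print "rejected: $err\n"; next; }
    printf "%s x%d = %d cents%s\n", $order->{sku}, $order->{qty},
        $order->{total_cents}, $order->{tampered} ? ' (client price ignored)' : '';
}
```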