- POST validation
- "GEO" Me
October 6, 2005, 6:45 pm
I have read a few comments against doing validation using
POST I wondered what would happen if I pasted a long sentence from the
same page in the login box. I got a message of: 'HTTP 500.100 Internal
Is this a problem of validation with POST, or just of the setup of
Page where it happened:
Re: POST validation
On 06/10/2005 15:45, "GEO" Me@home.here wrote:
Care to identify those comments?
There is no problem with employing client-side validation (when done
well). The issue lies with relying on such a scheme. As client-side
scripting can be either disabled or circumvented, omitting server-side
checks could lead to security vulnerabilities, as well as errors thrown
in server-side code if you assume that all erroneous data will have been
rejected. There are also cases where client-side checking is infeasible.
One doesn't perform input validation using POST. It's a HTTP transfer
method (along with GET, HEAD, PUT, etc.)
No, of course not. Every form you encounter on the Web should be
employing server-side checks, and most of those forms will be sending
their data to that server using the POST method.
Prefix subject with [News] before replying by e-mail.
Re: POST validation
"GEO" Me@home.here wrote:
I agree with everything Mike said. In addition:
The Internal Server Error indicates that the code at the server failed
to adequately check the input from the form. In this case, it allowed a
very long input (the sentence you copied) where only a short one (an ID
or password) was expected. The most likely result is that the long data
was stored into a short field and slopped over the top of adjacent data
that was important. Things went downhill from there.
Every time a programmer makes an assumption, a system dies somewhere.
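The server-side check both replies call for, as an added Python example that is not part of the thread or the site's own code: it caps the request body and each field's length, so a sentence pasted into the login box gets a controlled 400 response instead of an unhandled 500. The field names `userid` and `password` and all limits are assumptions, since the thread does not show the form.

```python
from urllib.parse import parse_qs, quote_plus

# Assumed limits for this sketch; the thread does not give the site's field sizes.
MAX_BODY_BYTES = 1024
FIELD_LIMITS = {"userid": 32, "password": 128}  # hypothetical field names


def validate_login_post(body: bytes):
    """Return (200, fields) for acceptable input, else (4xx, [error messages])."""
    # Reject oversized requests before parsing anything.
    if len(body) > MAX_BODY_BYTES:
        return 413, ["request body too large"]
    try:
        parsed = parse_qs(body.decode("utf-8"), keep_blank_values=True,
                          max_num_fields=len(FIELD_LIMITS) * 2)
    except ValueError:  # bad encoding or too many fields
        return 400, ["malformed form data"]
    errors, clean = [], {}
    if set(parsed) - set(FIELD_LIMITS):
        errors.append("unexpected field")
    for name, limit in FIELD_LIMITS.items():
        values = parsed.get(name, [])
        if len(values) != 1:
            errors.append(f"{name}: expected exactly one value")
        elif not values[0]:
            errors.append(f"{name}: required")
        elif len(values[0]) > limit:
            errors.append(f"{name}: longer than {limit} characters")
        elif not values[0].isprintable():
            errors.append(f"{name}: control characters not allowed")
        else:
            clean[name] = values[0]
    # A controlled 400 with a message replaces the unhandled 500.
    return (400, errors) if errors else (200, clean)


if __name__ == "__main__":
    # Constructed sample: a sentence pasted into the user ID box.
    pasted = "There is no problem with employing client-side validation when done well."
    for body in (b"userid=geo&password=s3cret",
                 b"userid=" + quote_plus(pasted).encode() + b"&password=x",
                 b"userid=geo&password=" + b"A" * 5000):
        print(validate_login_post(body))
```

The same checks run whether or not any client-side script ran first, which is the point made in the replies above.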