June 21, 2006, 2:13 am
Re: Website security
The usual--validate the hell out of every stinking variable that form takes
to come up with your definition of what a valid request is, and what
valid input for each of your fields is.
If the person cares enough to send all valid data and spoofs
http_referrer to match and all that, there isn't much reason to worry
since the form they've recreated is sufficiently identical to your own
If you're doing server side validation sufficiently, you won't any
longer care if it's your copy of the form the POST came from or
someone's local copy. Even on your copy of the form, an attacker with
a software web proxy or Firefox plugin can add form fields, override
bullet to determine "someone copied my form" you'd still not cut down
your space of worry.
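
An added example, not part of the original post: a server-side check that defines a valid request as an allowlist of fields with a rule for each, and rejects anything added or duplicated, without consulting the Referer header. The form schema and field names are hypothetical, and the POST bodies are constructed samples.

```python
import re
from urllib.parse import parse_qs

# Hypothetical contact-form schema: field name -> (required, rule for a valid value).
SCHEMA = {
    "name":    (True,  lambda v: len(v) <= 80 and v.isprintable()),
    "email":   (True,  lambda v: len(v) <= 254
                       and re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", v) is not None),
    "topic":   (True,  lambda v: v in {"sales", "support", "other"}),
    "message": (True,  lambda v: len(v) <= 2000),
    "phone":   (False, lambda v: re.fullmatch(r"\+?[0-9 ()-]{7,20}", v) is not None),
}

def validate_post(body):
    """Validate a urlencoded POST body. Returns (clean_fields, errors)."""
    fields = parse_qs(body, keep_blank_values=True)
    errors, clean = {}, {}
    # Fields the form never defined (added through a proxy or a local copy).
    for name in fields:
        if name not in SCHEMA:
            errors[name] = "unexpected field"
    for name, (required, is_valid) in SCHEMA.items():
        values = fields.get(name, [])
        if len(values) > 1:
            errors[name] = "duplicate field"
        elif not values or values[0] == "":
            if required:
                errors[name] = "missing"
        elif not is_valid(values[0]):
            errors[name] = "invalid value"
        else:
            clean[name] = values[0]
    # Hand back data only when the whole request is valid.
    return ({} if errors else clean), errors

# Constructed sample requests.
GOOD = "name=Ann+Lee&email=ann%40example.com&topic=support&message=Hello"
TAMPERED = GOOD + "&is_admin=1&topic=sales"   # extra field and an overridden one
BAD_VALUE = "name=Ann&email=ann%40example.com&topic=%3Cscript%3E&message=hi"

if __name__ == "__main__":
    for sample in (GOOD, TAMPERED, BAD_VALUE):
        print(validate_post(sample))
```

The same result comes back whether the request was sent from the site's own form or from a copy, because only the submitted data is examined.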