On 29/03/2008, Paul Gilmartin <[EMAIL PROTECTED]> wrote:
> There's a thread ongoing in MVS-OE on CGI security. The first
> principle is: don't trust data received over the network. The
> second is: don't trust Javascript validation on the client side.
> Always remember that your potential adversary controls the client.

There's a recent thread on Bruce Schneier's blog on The Security Mindset.
http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html

Somehow it seems that people either think this way or they don't. That anyone in 2008 could consider for a moment doing validation of anything important on the client side is astonishing.

Tony H.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

