Not if his string is case-sensitive, which it appears to be.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[T]he people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being
attacked, and denounce the pacifists for lack of
Steven beat me to that one. I was just typing that. Also, it depends on how you implement your form as well. If you use HTML forms and non-flash form with regex validation, then you have JavaScript that can be turned off. Now if you implement a flash form, I believe the validation stays internal
Say you want to find your string and it's 10 to 12 characters in the
hexadecimal character set. You can validate your data with:
[A-F0-9]{10,12}
This will match any hexadecimal number with a minimum of 10 chars and
a maximum of 12. It's a positive way of doing data validation on your
I think what Dean is suggesting here is that it is wiser to validate both from the server and the client. The server validation being more reliable than the client. This is a well adopted paradigm and Dean helps us remember this.
Also, MITM = Man In The Middle, which is a type of attack that can
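The two points made in the messages above, the allowlist pattern and enforcing it on the server rather than relying on the browser, as an added example that is not part of the original thread. The function name, the idea of a "token" field and all sample inputs are assumptions constructed for illustration; the anchors `^` and `$` are added here and are not in the pattern as quoted.

```javascript
// Added example, not from the thread. The field name "token" and the
// sample inputs are constructed for illustration.

// Pattern quoted in the thread, anchored so the whole value must match.
// Only A-F is allowed, so the check is case-sensitive.
const HEX_TOKEN = /^[A-F0-9]{10,12}$/;

// The pattern as quoted, without anchors, kept for comparison.
const UNANCHORED = /[A-F0-9]{10,12}/;

// Server-side check: runs regardless of what the browser did or skipped.
function validateToken(value) {
  // RegExp.test() coerces its argument to a string, so an array such as
  // ["ABCDEF0123"] (repeated form field) would pass without this guard.
  if (typeof value !== "string") {
    return { ok: false, reason: "not a string" };
  }
  if (!HEX_TOKEN.test(value)) {
    return { ok: false, reason: "pattern mismatch" };
  }
  return { ok: true, value };
}

// Constructed inputs: one valid value and the ways a value can be wrong.
const SAMPLES = [
  "ABCDEF0123",          // valid, 10 characters
  "abcdef0123",          // lower case
  "ABCDEF012",           // 9 characters, too short
  "ABCDEF0123456",       // 13 characters, too long
  "ABCDEF0123<junk>",    // valid prefix followed by other data
  "ABCDEF0123\n",        // trailing newline
  ["ABCDEF0123"],        // not a string
];

// Compare the anchored server-side check with the unanchored pattern.
function compare(samples) {
  return samples.map((input) => ({
    input: JSON.stringify(input),
    anchored: validateToken(input).ok,
    unanchored: UNANCHORED.test(String(input)),
  }));
}

console.table(compare(SAMPLES));
```

The same pattern can still run in the browser for quick user feedback; the server-side call is the one that decides whether the value is accepted.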
Jeremy, do you have a blog? That would make a great blog
post. Of course, you could point folks to do a google search where they'd find
still others who've taken the time to write. But at least for CF folks, they may
appreciate hearing of your experience/opinion.
/charlie
This would be a good subject for a
Wednesday meeting! I know I could use a primer!
Robert P. Reil
Managing Director,
Motorcyclecarbs.com, Inc.
4292 Country Garden Walk NW
Kennesaw, Ga. 30152
Office 770-974-8851
Fax 770-974-8852
www.motorcyclecarbs.com
From: Douglas