Hi,
[ I tried to post this yesterday before the other replies came in but it got
bounced; here's my initial reply which is pretty much the same answer as
those posted since: ]
Aside from turning JavaScript off, hackers won't use a web browser to attack
your site, they just send web requests direc
> So, this dude from Poland managed to register without a first name,
> without a last name and likely without an invitation code. I'll deal
> with the EE issues separately, but is there a known issue where
> someone can mess with the jquery in the page to bypass the validation
> that is running?
Client side validation is just there to provide a nicer experience for
humans. If there are conditions that you need to enforce for the sake
of your server-side code or database, then you must do that in your
server-side code.
Nothing stops a hacker from doing a raw submit to your server-side
pag
3 matches
Mail list logo
