Mark Galbreath wrote:
>
> Everyone (beginning with me) is telling him to use JavaScript.  He
> says (privately to me) that his boss insists that validation take
> place on the server (typical boss - probably from Marketing).

No, his boss has probably remembered something from a security talk.
If you validate on the client side only, you are just waiting to be
hacked..... My favorites are sites that build the SQL for their
queries on the client side in JavaScript and then send them in
a 'hidden' variable. Any competent SQL programmer can just
dig through their database....

Other fun ones are shopping sites who send the price back in hidden
vars, an invitation to name-your-own price if you can write html....

Tim - with his security hat on.....
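
The server-side check this message argues for, as an added example that is not part of the original post: the handler re-validates the item and quantity and takes the price from its own catalogue, so a hidden "price" field sent by the browser is never read. The class name, parameter names (sku, qty, price), catalogue contents and quantity limit are assumptions made for illustration.

```java
import java.math.BigDecimal;
import java.util.Map;

public class OrderPricing {
    // Constructed catalogue; in a real application this lives in the server's database.
    private static final Map<String, BigDecimal> CATALOGUE = Map.of(
        "SKU-1001", new BigDecimal("19.99"),
        "SKU-2002", new BigDecimal("249.00"));

    private static final int MAX_QUANTITY = 100; // assumed business limit

    /** Prices an order from request parameters; a client-sent "price" is never read. */
    static BigDecimal priceOrder(Map<String, String> params) {
        String sku = params.get("sku");
        if (sku == null || !CATALOGUE.containsKey(sku)) {
            throw new IllegalArgumentException("unknown item");
        }
        int qty;
        try {
            qty = Integer.parseInt(params.getOrDefault("qty", ""));
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("quantity is not a number");
        }
        // Repeat on the server the range check that client-side script may also do.
        if (qty < 1 || qty > MAX_QUANTITY) {
            throw new IllegalArgumentException("quantity out of range");
        }
        // The unit price comes from server-side data only.
        return CATALOGUE.get(sku).multiply(BigDecimal.valueOf(qty));
    }

    public static void main(String[] args) {
        // Constructed request: the hidden "price" field was edited before submission.
        Map<String, String> edited = Map.of("sku", "SKU-2002", "qty", "2", "price", "0.01");
        System.out.println("charged: " + priceOrder(edited));

        // Constructed request: a quantity that client-side script would have blocked.
        try {
            priceOrder(Map.of("sku", "SKU-1001", "qty", "-5"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet the same method would be fed from `request.getParameter(...)`; the point is that nothing price-related is accepted from the form.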
