Ummmm. Calm down geezer.
I was just suggesting an alternative. Not saying he should use only JS. Use
JS to do simple validation on the form so the client doesn't have to keep
querying the server to do simple validation. Once the JS feels the form is
OK to submit, validate properly in perl. Doing this you get the best of both
worlds. Speed for the client in simple form validation and security on the
server.
I think you need to drink less coffee dude...
John
-----Original Message-----
From: Pete Sergeant [mailto:[EMAIL PROTECTED]]
Sent: 13 July 2001 15:43
To: [EMAIL PROTECTED]
Subject: Re: CGI.pm and form validation
That which I say three times is true:
Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT.
As mentioned, users can turn off javascript. You're assuming of course that
skr!pT k1DD13s use browsers. It is trivial to build an HTTP request and
telnet into the server at port 80.
Javascript is nice for telling users if they've got it wrong. If you're
going to trust it, you're on crack.
Hope This Helps
{Pete
-------------------------------------------------------
($_='Yw_xUabcdtefgdijktljkotiersjkUzxT
yvlkbfdtcierstajogvPruntRshackRJelov')
=~y/RTUv;wxYz$/ ~'\/;$=();/;eval;print
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
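
The server-side half of the approach discussed in this thread, as an added example that is not part of either message: every field is re-checked in Perl against an allowlist, whatever the JavaScript did or did not do. The field names and rules are hypothetical, and the function takes a plain hash so it runs without CGI.pm; in a CGI script the hash would be filled from `$q->param($name)`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist rules per field (hypothetical field names). Each pattern is
# anchored with \A ... \z so the whole value must match; unlike $, \z does
# not tolerate a trailing newline. The capture holds the accepted value.
my %RULES = (
    username => qr/\A([A-Za-z0-9_]{3,20})\z/,
    email    => qr/\A([A-Za-z0-9._%+-]{1,64}\@[A-Za-z0-9.-]{1,255})\z/,
    age      => qr/\A([0-9]{1,3})\z/,
);

# Returns (\%clean, \@errors). Only fields named in %RULES are copied out,
# so extra parameters added to a hand-built request are ignored.
sub validate_form {
    my ($params) = @_;
    my (%clean, @errors);
    for my $field (sort keys %RULES) {
        my $value = $params->{$field};
        unless (defined $value && !ref $value) {
            push @errors, "$field: missing";
            next;
        }
        if ($value =~ $RULES{$field}) {
            $clean{$field} = $1;    # under taint mode (perl -T) $1 is the untainted copy
        } else {
            push @errors, "$field: rejected";
        }
    }
    return (\%clean, \@errors);
}

# Constructed sample requests: the first is what a browser with working
# JavaScript checks would send, the second never went through those checks.
my @requests = (
    { username => 'john_s', email => 'john@example.com', age => '34' },
    { username => 'bob<script>', email => "a\@b\n", age => '-1', admin => '1' },
);

for my $req (@requests) {
    my ($clean, $errors) = validate_form($req);
    if (@$errors) {
        print "REJECT: @$errors\n";
    } else {
        print "ACCEPT: ", join(', ', map { "$_=$clean->{$_}" } sort keys %$clean), "\n";
    }
}
```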