> although it's not really specific to the use of Java. You're taking input
> from a form and simply using it without validating it first. What would
> happen if the user specified an invalid value for form.redirect?
Hi Dave,
This is just a snippet. The form itself doesn't allow the user to enter the
redirect, it's entered by the developer in a hidden field, though I suppose
if someone wanted to hack it they easily could.
So, if I encrypted the redirect on the form page and unencrypted it on the
page where I want to do the forward, then are there any major issues?
As to your question about untrustworthy developers vs. untrustworthy users,
I'm really not sure.
-d
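
An added example, not part of the original message: one way to make a developer-supplied hidden redirect tamper-evident, using an HMAC with a server-side secret (a swapped-in technique, rather than the encryption the message proposes) plus an allow-list check before forwarding. The class name, paths and secret are hypothetical, and Java 9+ is assumed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Set;

public class RedirectGuard {
    // Hypothetical allow-list of internal forward targets (constructed sample values).
    private static final Set<String> ALLOWED = Set.of("/thanks.jsp", "/account/home.jsp");
    private final SecretKeySpec key;

    public RedirectGuard(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    private byte[] mac(String target) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(target.getBytes(StandardCharsets.UTF_8));
    }

    // Value the developer places in the hidden field: "<target>|<base64url HMAC>".
    public String protect(String target) throws Exception {
        return target + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(target));
    }

    // Returns the target only if the tag verifies and the target is allow-listed, else null.
    public String verify(String fieldValue) throws Exception {
        if (fieldValue == null) return null;
        int sep = fieldValue.lastIndexOf('|');
        if (sep < 0) return null; // no tag supplied
        String target = fieldValue.substring(0, sep);
        byte[] supplied;
        try {
            supplied = Base64.getUrlDecoder().decode(fieldValue.substring(sep + 1));
        } catch (IllegalArgumentException e) {
            return null; // malformed tag
        }
        // Constant-time comparison of the recomputed and supplied tags.
        if (!MessageDigest.isEqual(mac(target), supplied)) return null;
        return ALLOWED.contains(target) ? target : null;
    }

    public static void main(String[] args) throws Exception {
        RedirectGuard g = new RedirectGuard("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String field = g.protect("/thanks.jsp");
        System.out.println(g.verify(field)); // untouched field value
        System.out.println(g.verify(field.replace("/thanks.jsp", "http://other.example/"))); // edited target
        System.out.println(g.verify("/thanks.jsp")); // tag stripped
    }
}
```

The forward handler calls `verify` on the submitted field and forwards only when the result is non-null.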

