Ha-ha, I think I know how to dump and drop databases of most sites made with coldfusion :). That settles it then; I am not using hidden input tags for validation.
--
Oleg Gunkin
Email: [EMAIL PROTECTED]
Phone: (604) 666-9392
Emerging Technologies / Pacific Web Services
Information Technology Services
Public Works and Government Services Canada (Pacific)

-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 16:07
To: CF-Talk
Subject: RE: Server-side validation with hidden input tags and security?

I think he's talking about this:

http://livedocs.macromedia.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=ColdFusion_Documentation&file=00001380.htm

and no, it's not secure-per-se as a user can get around it by editing the form, but it's secure enough so that if somebody messes around with it, and gets an error message, it's their own fault, and as long as they can't do anything malicious, no harm done.

Russ

> -----Original Message-----
> From: Rick Root [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 09, 2006 6:56 PM
> To: CF-Talk
> Subject: Re: Server-side validation with hidden input tags and security?
>
> What kind of stuff are you trying to "validate"?
>
> Rick
>
> Oleg Gunkin wrote:
> > It seems hard to believe that using special hidden input tags for
> > server-side validation is a very secure method, because the user can
> > save the form and remove the hidden tags and therefore bypass the
> > validation. Please correct me if I am wrong. I want to know if I
> > understand it right. Is using special hidden tags in forms really a
> > secure method?
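
The behaviour discussed in this thread, as an added Python model (not part of the original messages and not ColdFusion's own implementation): rules read from `<field>_required` / `<field>_integer` hidden inputs vanish when the request omits them, while rules kept on the server still apply. The `quantity` field, the sample request bodies and the simplified two-suffix checks are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

# Simplified model of two hidden-field validation suffixes (assumption:
# an empty value passes "integer"; "required" is what rejects it).
CHECKS = {
    "required": lambda v: v.strip() != "",
    "integer": lambda v: v.strip() == "" or bool(re.fullmatch(r"\s*[+-]?[0-9]+\s*", v)),
}

# Rules held on the server for a hypothetical order form; never sent to the browser.
SERVER_RULES = {"quantity": ["required", "integer"]}


def parse_form(body):
    """Decode a urlencoded POST body into {field: first value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def rules_from_hidden_fields(form):
    """Rules as declared by the request itself via <field>_<suffix> entries."""
    rules = {}
    for name in form:
        field, _, suffix = name.rpartition("_")
        if field and suffix in CHECKS:
            rules.setdefault(field, []).append(suffix)
    return rules


def validate(form, rules):
    """Return a sorted list of (field, failed_check) under the given rules."""
    errors = []
    for field, checks in rules.items():
        value = form.get(field, "")
        errors += [(field, c) for c in checks if not CHECKS[c](value)]
    return sorted(errors)


def compare(body):
    """Validate one body twice: client-declared rules, then server-held rules."""
    form = parse_form(body)
    return validate(form, rules_from_hidden_fields(form)), validate(form, SERVER_RULES)


# Constructed samples: the form as served, and the same submission without
# the hidden quantity_* inputs.
AS_SERVED = "quantity=abc&quantity_required=Needed&quantity_integer=Number"
EDITED = "quantity=abc"

if __name__ == "__main__":
    for label, body in (("as served", AS_SERVED), ("hidden inputs removed", EDITED)):
        print(label, compare(body))
```

The first element of each result is what client-declared rules catch, the second what server-held rules catch; only the second is independent of what the browser chooses to send.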

