Josh,

>Dan - can you describe a scenario in which a hidden form field would get
>altered by an ordinary Joe? I haven't had any issues yet, but if it's a
>realistic possibility then I'll need to change my implementation.

Anyone with Firebug installed can go to the HTML tab, find a hidden form field, and then change the value attribute of a hidden form field. Or using any browser, I could save the page to my hard drive, modify the source, load up my changed version and execute the form.

The main issue is you're exposing rules that are supposed to be enforced by the server, but you're exposing them to the client. This makes it very easy to bypass your server rules and potentially expose your application to bugs.

-Dan

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286173
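
Added example, not part of the original message and written in Python rather than ColdFusion: a handler that trusts a hidden field next to one that accepts it only when a server-side MAC over the value verifies. The field name max_qty, the session ids and SERVER_KEY are assumptions made up for the illustration; where the value does not need to round-trip through the browser, keeping it on the server is simpler still.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def sign_field(session_id: str, name: str, value: str) -> str:
    """Return a hex MAC binding a hidden field's value to one session."""
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (session_id.encode(), name.encode(), value.encode())
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_form(session_id: str, max_qty: int) -> dict:
    """Fields the server would emit as <input type="hidden"> elements."""
    value = str(max_qty)
    return {"max_qty": value,
            "max_qty_sig": sign_field(session_id, "max_qty", value)}


def handle_naive(form: dict, qty: int) -> bool:
    """Trusts the limit the browser sent back: the problem described above."""
    return qty <= int(form["max_qty"])


def handle_checked(session_id: str, form: dict, qty: int) -> bool:
    """Accept the hidden limit only if its MAC verifies for this session."""
    value = form.get("max_qty", "")
    sig = form.get("max_qty_sig", "")
    expected = sign_field(session_id, "max_qty", value)
    # Constant-time comparison; bytes so odd characters cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False  # altered, stripped, or copied from another session
    return qty <= int(value)


if __name__ == "__main__":
    form = render_form("session-A", max_qty=5)        # constructed sample data
    edited = dict(form, max_qty="500")                # value changed client-side
    print(handle_naive(edited, 100))                  # rule bypassed
    print(handle_checked("session-A", edited, 100))   # rejected
    print(handle_checked("session-A", form, 3))       # accepted
```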

