What about those users who might have bookmarked the page for future visits,
or purchase in case of products?
Amit Talwar

-----Original Message-----
From: BORKMAN Lee [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 07, 2001 6:41 AM
To: Fusebox
Subject: RE: Managing program flow


Yes, but you can possibly live with hidden fields as long as you always
check for a trusted referer.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]


Hi,
Well Erik, it is absolutely going to cause security hazards if you are using
hidden variables in your page.

Consider this: for example, you store the price of a product as a hidden
variable. Now if the user saves the page to his system, reduces the
price and then submits the page, you will never know whether the price is
correct or incorrect, as there will be no cross-check with the price in the
database.
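
The cross-check with the database price that the thread refers to, as an added example that is not part of the original messages. The catalogue, the field names (`product_id`, `quantity`, `price`) and the function name are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed stand-in for the product table in the database.
CATALOGUE = {"sku-1001": Decimal("49.99"), "sku-1002": Decimal("12.50")}


def price_order(form_body):
    """Price a submitted order form using the stored price, never the hidden field.

    Every form field, and the Referer header too, is supplied by the client,
    so only product_id and quantity are read, and both are validated.
    """
    fields = parse_qs(form_body, strict_parsing=True)
    sku = fields.get("product_id", [""])[0]
    if sku not in CATALOGUE:
        raise ValueError("unknown product")
    quantity = int(fields.get("quantity", ["0"])[0])
    if not 1 <= quantity <= 100:
        raise ValueError("quantity out of range")

    unit_price = CATALOGUE[sku]  # the cross-check: authoritative price
    # The hidden price is compared only to flag an edited form for logging.
    submitted = fields.get("price", [None])[0]
    try:
        tampered = submitted is not None and Decimal(submitted) != unit_price
    except InvalidOperation:
        tampered = True
    return {"sku": sku, "quantity": quantity, "unit_price": unit_price,
            "total": unit_price * quantity, "tampered": tampered}


# Constructed form bodies: the page as served, and a saved copy with the price edited.
AS_SERVED = "product_id=sku-1001&quantity=2&price=49.99"
EDITED = "product_id=sku-1001&quantity=2&price=0.01"

if __name__ == "__main__":
    for body in (AS_SERVED, EDITED):
        print(price_order(body))
```

Both submissions are charged the stored price; the edited one is additionally marked `tampered` so it can be logged.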

