Hi Colin,

OK, OK.  I finally get it.  It took a lot of pounding to get me to see
the point of view you guys have been espousing.  Thankfully,  I'm
finally on board with you guys.

Best wishes,
Richard


On Aug 9, 11:16 am, Colin Law <[email protected]> wrote:
> On 9 August 2010 16:08, RichardOnRails
>
> <[email protected]> wrote:
> > Hi Hassan,
>
> >> > It can't be nil.  When the form is instantiated
>
> >> Assuredly, it can be -- a request can be generated without your form
> >> being involved at all.
>
> > I don't get it.  Can you point me to some tutorial that deals with
> > this issue?
>
> Remember that all your form does is to build an http request and send
> it to the server.  A hacker can build any http request he likes
> without using your form, and send it to your server, with any values
> in params that he fancies.
>
> Colin
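
Colin's point, shown as an added example that is not part of the original thread: a server-side check in plain Ruby that treats the parameters as untrusted input instead of assuming the form produced them. The parameter names (`user`, `name`, `age`) and the helper `extract_user_params` are hypothetical, and the sample requests are constructed.

```ruby
# Added example: plain Ruby, no Rails required. All names are hypothetical.
ALLOWED_KEYS = %w[name age].freeze

# Returns [clean_hash, errors]. Nothing here assumes the request came from
# the form: the top-level key may be missing or not a hash, and its fields
# may be absent, of the wrong type, or accompanied by extra keys.
def extract_user_params(params)
  raw = params["user"]
  return [nil, ["user parameters missing or malformed"]] unless raw.is_a?(Hash)

  errors = []
  extra = raw.keys.map(&:to_s) - ALLOWED_KEYS
  errors << "unexpected keys: #{extra.sort.join(', ')}" unless extra.empty?

  name = raw["name"]
  if !name.is_a?(String) || name.strip.empty?
    errors << "name is required"
  elsif name.length > 50
    errors << "name is too long"
  end

  age = raw["age"]
  age_int = (Integer(age, 10) rescue nil) if age.is_a?(String)
  unless age_int && (0..150).cover?(age_int)
    errors << "age must be an integer between 0 and 150"
  end

  return [nil, errors] unless errors.empty?
  [{ "name" => name.strip, "age" => age_int }, []]
end

# Constructed sample requests: the first is what the form would send, the
# rest are requests built without the form.
SAMPLE_REQUESTS = [
  { "user" => { "name" => "Richard", "age" => "42" } },
  {},
  { "user" => "not-a-hash" },
  { "user" => { "name" => ["a"], "age" => "42" } },
  { "user" => { "name" => "R", "age" => "42", "admin" => "1" } }
].freeze

SAMPLE_REQUESTS.each do |req|
  clean, errors = extract_user_params(req)
  puts "#{req.inspect} => #{clean ? clean.inspect : errors.join('; ')}"
end
```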
