That is of course the other angle on this... maybe you can argue that
this is only a substantial security problem in certain contrived
situations... ok, fine :) ... but, as Paul points out, it makes it
exceedingly easy to break an application. That's a Denial of Service
risk, so it still falls in the category of security problem. DoS
attacks are generally considered a lower-tier security issue, but a
security issue nonetheless :)
Frank
Paul Benedict wrote:
Rick you said:
I must still be missing something.. what is the big deal here? If you
don't code to handle the cancel nothing serious can happen, and if you
do code for a cancel, what's the worst case scenario?
Yes, you are missing something :) If you don't code the cancel, then
your action gets called with non-validated data. How well do your
actions work with a form that's filled with garbage??? :)
Maybe you have some numeric fields; let's try passing in some
characters to see how the app reacts.
Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: [EMAIL PROTECTED]