Raul,

> Hi Taras,
> I'm not sure if Floyd's purpose was this, but it is useful to play
> around the client side constraints, as they can provide a very good
> insight of what the developers implemented on the server side too.

Could you please describe it more, because "to play around the client side constraints" is very general?

> Both constraints, client and server, should be the same, but sometimes
> they are out of sync and entry points (vulnerabilities) can be easily
> identified playing around those limits (e.g. 29, 30, 31 for a maxlength
> of 30).

The example with maxlength is not good. Such validation is usually done in JavaScript. What should we do in such a situation?

My point of view is that we do not need to pay so much attention to client side *security* validation, because it is not so trivial but at the same time is not the main factor in the validation schema.

--
Taras

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
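The boundary check discussed in this thread (lengths 29, 30, 31 around a maxlength of 30), written as a consistency test between client-side and server-side limits. This is an added example, not part of the original messages and not w3af code; the sample form, `SERVER_LIMITS` and `server_accepts` are constructed stand-ins for a real page and its server-side validator.

```python
from html.parser import HTMLParser

# Constructed sample form (not from the thread).
SAMPLE_FORM = """
<form action="/profile" method="post">
  <input type="text" name="username" maxlength="30">
  <textarea name="bio" maxlength="200"></textarea>
</form>
"""

# Hypothetical server-side limits; "bio" is deliberately out of sync.
SERVER_LIMITS = {"username": 30, "bio": 255}

class MaxLengthParser(HTMLParser):
    """Collect {field name: maxlength} from input and textarea tags."""
    def __init__(self):
        super().__init__()
        self.limits = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name, raw = a.get("name"), a.get("maxlength")
        if tag in ("input", "textarea") and name and raw and raw.strip().isdigit():
            self.limits[name] = int(raw)

def server_accepts(field, value):
    """Stand-in for the real server-side validator (assumption)."""
    return len(value) <= SERVER_LIMITS[field]

def find_mismatches(html, validator):
    """Probe limit-1, limit, limit+1; report client/server disagreement."""
    parser = MaxLengthParser()
    parser.feed(html)
    findings = []
    for field, limit in sorted(parser.limits.items()):
        for n in (limit - 1, limit, limit + 1):
            client_ok = n <= limit
            server_ok = validator(field, "A" * n)
            if client_ok != server_ok:
                findings.append((field, n, client_ok, server_ok))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_FORM, server_accepts):
        print("field=%s length=%d client_ok=%s server_ok=%s" % finding)
```

A finding with `client_ok=False` and `server_ok=True` marks a field where the server enforces a looser limit than the form advertises, which is the out-of-sync case described in the quoted message.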