One of the rules of application security is to never implement client-side validation but rely on server-side validation.
I came across an e-card greeting on the "Uniquely Singapore" website and decided to try it out. Hmmmm... the form doesn't allow me to submit an e-card with the recipient and sender emails being the same. Did they implement client-side validation? I decided to disable Javascript in Firefox. I reload the webpage and resubmit. Viola!!! Email sent and received.
This confirms that Javascript is used to validate submissions on the client's machine. The secure way would be to validate on the server so that the client cannot manipulate requests to successfully bypass validation.
Subscribe to:
Post Comments (Atom)
VMware Workstation Pro is now free for personal use!!!
VMware Workstation Pro is now free for personal use!!! However, it was not straight forward to install on Ubuntu as I encountered error mes...
-
This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
-
I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...
No comments:
Post a Comment