Re: Form Security
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Fri, 10 Mar 2006 23:57:24 -0500
Chung Leong wrote:
Jerry Stuckle wrote:
I know *exactly* how auto-form-submission works. In fact, from your
posts here I expect I know a lot more about it than you do. I've been
in this field too many years. What you describe is only *one way* it can
happen. And it's not even the most common.
What I described was a vulnerability that can be countered by the
method proposed by the OP. Thus I assumed that is in fact what he is
referring to when he said auto-submission and responded accordingly. I
don't really feel the need to interpret other people's statements in
the worst light in order to show that I'm more knowledgeable.
And I wasn't interpreting it in the "worst of light". I was interpreting it in the light of simple security.
What he's proposing is false security - which is worse than no security at all. At least with the latter you know you have potential vulnerabilities.
And no, this isn't great security - but what he's proposing will NOT stop auto-submission by any means.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.
- Follow-Ups:
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- References:
- Form Security
- From: Scott
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- From: Chung Leong
- Form Security
- Prev by Date: Re: php best practise
- Next by Date: Re: $request problem
- Previous by thread: Re: Form Security
- Next by thread: Re: Form Security
- Index(es):
Relevant Pages
|
