Re: Form Security

Chung Leong wrote:
Jerry Stuckle wrote:

And I wasn't interpreting it in the "worst of light". I was
interpreting it in the light of simple security.

What he's proposing is false security - which is worse than no security
at all. At least with the latter you know you have potential
vulnerabilities.


I really don't know what to say. The OP proposed a method for stopping
one type of cross-site scripting attack and here you are insisting that
it's crap because it doesn't stop bots.


And it doesn't stop what he's trying to stop!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.

Relevant Pages

  • Re: Form Security
    ... don't really feel the need to interpret other people's statements in ... What he's proposing is false security - which is worse than no security at all. ... this isn't great security - but what he's proposing will NOT stop auto-submission by any means. ...
    (comp.lang.php)
  • Re: Form Security
    ... Jerry Stuckle wrote: ... What he's proposing is false security - which is worse than no security ...
    (comp.lang.php)
  • Re: Form Security
    ... What he's proposing is false security - which is worse than no security ... it's crap because it doesn't stop bots. ...
    (comp.lang.php)
  • Re: Form Security
    ... What he's proposing is false security - which is worse than no security ... it's crap because it doesn't stop bots. ...
    (comp.lang.php)
  • CALL FOR PRESENTATIONS: Distibuted Object Security (DOCsec 2002) Workshop
    ... Sixth Annual Distributed Objects and Components Security Workshop ... proposing for the Workshop. ... For additional details on the topics and instructions on how to submit ...
    (comp.security.firewalls)