Re: Form Security
- From: "Chung Leong" <chernyshevsky@xxxxxxxxxxx>
- Date: 11 Mar 2006 15:35:43 -0800
Jerry Stuckle wrote:
Chung Leong wrote:
Jerry Stuckle wrote:
And I wasn't interpreting it in the "worst of light". I was
interpreting it in the light of simple security.
What he's proposing is false security - which is worse than no security
at all. At least with the latter you know you have potential
vulnerabilities.
I really don't know what to say. The OP proposed a method for stopping
one type of cross-site scripting attack and here you are insisting that
it's crap because it doesn't stop bots.
And it doesn't stop what he's trying to stop!
How so? Because...it doesn't stop bots?
.
- Follow-Ups:
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- References:
- Form Security
- From: Scott
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Re: Form Security
- From: Chung Leong
- Re: Form Security
- From: Jerry Stuckle
- Form Security
- Prev by Date: Re: Custom Error Message Pages
- Next by Date: Re: str_ireplace() for php4?
- Previous by thread: Re: Form Security
- Next by thread: Re: Form Security
- Index(es):
Relevant Pages
|
