
All the Perl that's Practical to Extract and Report

  • What's to stop somebody from editing the HTML page with the hidden variables before it gets submitted to the second CGI script? You'd need to do some kind of md5/sha1 checksum of the submitted data and validate it, surely?

    -Dom

    • Hmmm.... good point. This obviously isn't going to be quite as simple as I expected.

      • You only need security there if they can do anything bad with what they submit, i.e. generally if they can somehow change the price. Normally, they shouldn't be able to; you'd only send the ID of a product and how many of it they're taking and let the remote end do the math using prices in its store. Of course, it wouldn't be the first time I see an online sales system with that kind of hole...

        -- Robin Berjon [berjon.com]
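
The two suggestions in the thread above, combined in one added example (not code from any of the posters): the first script tags its hidden fields, the second script checks the tag and works out the total from its own prices. It uses a keyed HMAC-SHA256 from Digest::SHA instead of a bare md5/sha1 digest, because anyone who can edit the page can also recompute an unkeyed checksum. `$SECRET`, `%PRICE_CENTS`, the field names and the sample order are assumptions made for the sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: the key exists only on the server, and %PRICE_CENTS
# stands in for the shop's own price store.
my $SECRET      = 'replace-with-a-long-random-server-side-key';
my %PRICE_CENTS = (widget => 1999, gadget => 4950);

# Canonical form: sorted keys, each name and value length-prefixed so two
# different field sets can never serialise to the same string.
sub canonical {
    my ($f) = @_;
    my $out = '';
    for my $k (sort keys %$f) {
        $out .= length($k) . ":$k" . length($f->{$k}) . ":$f->{$k}";
    }
    return $out;
}

# First script: the tag to emit as one more hidden field.
sub sign_fields { return hmac_sha256_hex(canonical($_[0]), $SECRET) }

# Second script: recompute the tag and compare without an early exit.
sub verify_fields {
    my ($f, $tag) = @_;
    my $want = sign_fields($f);
    return 0 unless defined $tag && length($tag) == length($want);
    my $diff = 0;
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($tag, $_, 1)) for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

# The total comes from the server's prices, never from a posted price.
sub order_total_cents {
    my ($f) = @_;
    my $unit = $PRICE_CENTS{ $f->{product_id} };
    die "unknown product\n" unless defined $unit;
    die "bad quantity\n" unless $f->{qty} =~ /\A[1-9][0-9]{0,3}\z/;
    return $unit * $f->{qty};
}

# Constructed sample: the form as step one emitted it, then an edited copy.
my %form = (product_id => 'widget', qty => '2');
my $tag  = sign_fields(\%form);
printf "untouched: %s, total %d\n", (verify_fields(\%form, $tag) ? 'ok' : 'rejected'), order_total_cents(\%form);
my %edited = (%form, qty => '20');
printf "edited:    %s\n", verify_fields(\%edited, $tag) ? 'ok' : 'rejected';
```

The tag only shows that the fields are the ones the first script emitted; the second script still validates each value, as `order_total_cents` does for the quantity.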