Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

Being Too Clever More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

Security Hole! (Score:1)

by Dom2 (2981) <{dom} {at} {happygiraffe.net}> on 2002.09.05 10:33 (#12532) Homepage Journal

What's to stop somebody from editing the HTML page with the hidden variables before it gets submitted to the second CGI script? You'd need to do some kind of md5/sha1 checksum of the submitted data and validate it, surely?
-Dom

Reply to This
- Re:Security Hole! (Score:2)
  
  by davorg (18)
  
  Hmmm.... good point. This obviously isn't going to be quite as simple as I expected.
  - Re:Security Hole! (Score:2)
    
    by darobin (1316)
    
    You only need security there if they can do anything bad with what they submit, ie generally if they can somehow change the price. Normally, they shouldn't be able to, you'd only send the ID of a product and how many of it they're taking and let the remote end do the math using prices in its store. Of course, it wouldn't be the first time I see an online sales system with that kind of hole...
    
    --
    -- Robin Berjon [berjon.com]

Get More Comments

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.