Question regarding form security
[eluser]gunnarflax[/eluser]
If I display a form with users in a dropdown that fulfill a certain requirement, do I need to check that the later submitted form also has a user that fulfills the same requirement? Can that value be changed by the user even if it's in the HTML and not directly editable by the end user? Can it be changed with some tool like Firebug?
[eluser]Eric Barnes[/eluser]
I am not 100% sure I follow, but yes, forms can be spoofed and data can be inserted that you do not account for. All it takes is viewing source, creating an HTML file from this, altering it, and submitting. Of course, it is also a good idea to make sure all post data originates from your domain, but that is another topic.
[eluser]gunnarflax[/eluser]
[quote author="Eric Barnes" date="1310505292"]Of course it is also a good idea to make sure all post data originates from your domain but that is another topic[/quote]
How do I do that?
[eluser]Eric Barnes[/eluser]
[quote author="gunnarflax" date="1310507074"]How do I do that?[/quote]
Here you go - https://gist.github.com/1078474
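
Added example (not part of the thread, and not the contents of the linked gist): plain PHP illustrating the first answer, where the server recomputes the eligible set when the form is submitted and rejects any value outside it. The function names, the `user_id` field and the eligibility rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the query that built the dropdown: returns the
// IDs of users that meet the requirement (assumed here: active editors).
function eligible_user_ids(array $users): array
{
    $ids = [];
    foreach ($users as $user) {
        if ($user['active'] && $user['role'] === 'editor') {
            $ids[] = (int) $user['id'];
        }
    }
    return $ids;
}

// Re-checks the submitted value on the server. Returns the validated ID, or
// null when the field is missing, is not a plain digit string, or is not in
// the eligible set.
function validated_user_id(array $post, array $eligibleIds): ?int
{
    $raw = $post['user_id'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null; // arrays, empty strings and non-numeric text end here
    }
    $id = (int) $raw;
    return in_array($id, $eligibleIds, true) ? $id : null;
}

// Constructed sample data.
$users = [
    ['id' => 3, 'role' => 'editor', 'active' => true],
    ['id' => 7, 'role' => 'admin',  'active' => true],
    ['id' => 9, 'role' => 'editor', 'active' => false],
];
$eligible = eligible_user_ids($users);

// Constructed submissions: the first is a value the form offers, the others
// are values a client can send after editing the <select> or the request.
$submissions = [
    ['user_id' => '3'], ['user_id' => '7'], ['user_id' => '9'],
    ['user_id' => ['3']], ['user_id' => '3abc'], [],
];
foreach ($submissions as $post) {
    $id = validated_user_id($post, $eligible);
    echo json_encode($post), ' => ', $id === null ? 'rejected' : "accepted ($id)", PHP_EOL;
}
```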