should i validate cookies values?

Jeff Cochran

> should i validate cookies values?

Absolutely not, otherwise hackers would have a hard time faking them
to break into your site!

In case it's missed, that's sarcasm. Trust but verify.

Jeff
 
Hernán Castelo

thanks
but
what do you mean
when you say: "trust but verify"?
what is "verify" in this case?

in a newer post
i'm asking if, for the same reason,
i need to validate "all" the elements
that i REQUEST at the server side...
(like "Cookies", yes)
and also all the "INPUT" elements
i retrieve with "Request.Form",
being "Text" or "Select" or "Hidden" or whatever


thanks
 
Jeff Cochran

> thanks
> but
> what do you mean
> when you say: "trust but verify"?
> what is "verify" in this case?

Apologies, possibly a US only term.

This means no matter how much you trust a source as being valid,
always verify what you get from that source.

> in a newer post
> i'm asking if, for the same reason,
> i need to validate "all" the elements
> that i REQUEST at the server side...
> (like "Cookies", yes)
> and also all the "INPUT" elements
> i retrieve with "Request.Form",
> being "Text" or "Select" or "Hidden" or whatever

Anything done on the client can be spoofed or faked at the client end
as well. You can never control the client. So you always need to
control what comes back to the server.

I saw one post that said to verify all the elements you're going to
use, but I'd say you should not request anything you wouldn't use.

Verification means simple things as well as complex. Is it a numeric
field? Then don't accept non-numeric characters. Have they entered
quotes? Then escape them if you're using them in code. Have they
entered 500 characters for a field that only accepts 24? Trim it to
24 or reject it and make them re-enter it. This last should be
checked on the client *and* the server, the client for entry of more
than the limit for the field, and the server for the same thing, since
you can't guarantee the request they sent actually came from your
form, or was manually entered.

Jeff
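
The server-side checks described in the reply above (digits only, a 24-character limit, escaping quotes), as an added example that is not part of the original thread. It is plain VBScript that runs with cscript; the function names, the "numeric"/"text" labels and the sample values are constructed for illustration, and in an ASP page the inputs would come from Request.Cookies or Request.Form.

```vbscript
Option Explicit

' Digits only, 1..maxDigits long. IsNumeric() is too loose for this:
' it also accepts signs, decimals and exponent notation such as "1e5".
Function IsDigitsOnly(value, maxDigits)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1," & maxDigits & "}$"
    IsDigitsOnly = re.Test(value)
End Function

' Non-empty and no longer than the field allows (reject, do not trim).
Function IsWithinLength(value, maxLen)
    IsWithinLength = (Len(value) >= 1 And Len(value) <= maxLen)
End Function

' Double single quotes so the value cannot end a SQL string literal early.
' Assumption: the value goes into a SQL string; a parameterised
' ADODB.Command avoids building the literal at all.
Function EscapeSqlLiteral(value)
    EscapeSqlLiteral = Replace(value, "'", "''")
End Function

' Run the checks for one field and return a verdict line.
' kind is "numeric" or "text" (hypothetical labels for this example).
Function CheckField(fieldName, value, kind, maxLen)
    If Not IsWithinLength(value, maxLen) Then
        CheckField = fieldName & ": rejected, length " & Len(value) & " (limit " & maxLen & ")"
    ElseIf kind = "numeric" And Not IsDigitsOnly(value, maxLen) Then
        CheckField = fieldName & ": rejected, non-numeric characters"
    Else
        CheckField = fieldName & ": accepted as '" & EscapeSqlLiteral(value) & "'"
    End If
End Function

' Constructed sample values standing in for Request.Cookies / Request.Form.
WScript.Echo CheckField("cookie userid", "17", "numeric", 9)
WScript.Echo CheckField("cookie userid", "17abc", "numeric", 9)
WScript.Echo CheckField("form lastname", "O'Brien", "text", 24)
WScript.Echo CheckField("form lastname", String(500, "A"), "text", 24)
```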
 
Hernán Castelo

wonderful

that is just what i was to know

the validations you are mentioning
are just ones i am going to put

thanks
 
