OT: client vs. server-side validation (was: Are the data users happy? Wh

To: "Alaric B. Snell" <alaric@a...>
Subject: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
From: ari@c... (K. Ari Krupnikov)
Date: 24 Feb 2003 17:40:43 +0000
Cc: ari@c... (K. Ari Krupnikov), Berend de Boer <berend@x...>, <michael.h.kay@n...>, <xml-dev@l...>
In-reply-to: <E18nGAf-000320-00@c...>
References: <000701c2db85$b7328570$6401a8c0@pcukmka> <uel5yd4r1.fsf@x...><f0f4r6uedl7.fsf@p...><E18nGAf-000320-00@c...>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Play the video

"Alaric B. Snell" <alaric@a...> writes:

> You can sometimes have fun with shopping sites that use third party credit 
> card payment systems by getting to the page that has the form that submits to 
> the third party, saving it to disk, editing the hidden fields for 'amount' to 
> a smaller number but leaving the order number intact, then submitting it.

I keep hearing it... Have you actually seen this exploited? Don't
implicate yourself, if you had a *friend* who did, that should be
enough to satisfy my curiosity.

Ari.

Follow-Ups:
- Re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
  - From: "Alaric B. Snell" <alaric@a...>
- re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
  - From: David Megginson <david@m...>

References:
- RE: Re: Are the data users happy? Why not?
  - From: "Michael Kay" <michael.h.kay@n...>
- Re: Re: Are the data users happy? Why not?
  - From: Berend de Boer <berend@x...>
- Re: Re: Are the data users happy? Why not?
  - From: ari@c... (K. Ari Krupnikov)
- Re: Re: Are the data users happy? Why not?
  - From: "Alaric B. Snell" <alaric@a...>

Prev by Date: Re: Re: Are the data users happy? Why not?
Next by Date: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
Previous by thread: Re: Re: Are the data users happy? Why not?
Next by thread: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >