PerlMonks  
Unfortunately, hardcoded values in the form are just as insecure as regular form values. There are two ways to attack a script. One is to put values in the form; hidden fields are safe from this. The other is to construct a fake POST after looking at the form. This is easy to do, and any value can be passed for any form field.

If you can, hardcoding the values in the script or a config file is much safer. You might not be able to if the values depend on which page is doing the calling, or are coming from a select box.

With fixed form fields, your validation job is easier. You know exactly what values are present in the page and what their format is. You don't need to accept input from people who will enter all kinds of stuff. You don't have to worry about nice error messages. If there is an illegal value in a hidden form field, either there is a bug or someone is making an attack.


In reply to Re^5: CGI recipient Option by iburrell
in thread CGI recipient Option by quissett
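An added example (not from iburrell or the thread) of the approach the reply recommends: the hidden `recipient` field carries only an opaque token, the real addresses live in an allow-list hard-coded in the script, and any token not on the list is treated as a bug or a forged POST. The token names and `example.com` addresses are placeholders I made up.

```perl
#!/usr/bin/perl
# Added example: resolve a hidden "recipient" token against a hard-coded
# allow-list instead of trusting whatever address arrives in the form.
use strict;
use warnings;
use CGI;

# The only recipients this script will ever mail. The keys are the opaque
# tokens placed in the hidden field; the addresses never appear in the HTML.
my %RECIPIENT = (
    sales   => 'sales@example.com',      # placeholder addresses
    support => 'support@example.com',
);

# Returns the real address for a listed token, otherwise undef.
# A missing, malformed or unlisted token is either a bug in the page that
# built the form or someone constructing their own POST; both are rejected.
sub resolve_recipient {
    my ($token) = @_;
    return undef unless defined $token;
    return undef unless $token =~ /\A[a-z]{1,20}\z/;   # fixed format, checked first
    return $RECIPIENT{$token};                          # undef when not listed
}

my $q     = CGI->new;
my $token = $q->param('recipient');
my $to    = resolve_recipient($token);

unless (defined $to) {
    # Log the raw value for the operator; the user gets no details.
    my $shown = defined $token ? "'$token'" : '(missing)';
    warn "rejected recipient token $shown from " . ($q->remote_addr || '-') . "\n";
    print $q->header(-status => '400 Bad Request'), "Invalid request.\n";
    exit;
}

print $q->header, "Message would be sent to $to\n";
```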
