Greetings,
In my humble opinion. It is best to use only the POST method within such forms, and simply drop
attempts submitted via GET. This greatly eliminates common methods to alter submissions via the
URL/Location field(s) in their web client (browser). eg;
http:/your.domain/location/to/your/script?product=expensive-product&price=free
While
hidden fields aren't really hidden, should anyone simply choose View->Source, from their browser. It is fairly trivial to encode those fields via base64, or even sha256. All modern browsers will render those fields correctly. But a View->Source will reveal only seeming gibberish. While a savvy seasoned programmer/user might recognize the fields as being "packed". Is it
really worth the bother?
Anyway. While it isn't ever really possible to
completely secure online form(s)/form data. Things like this, that "raise the bar to entry" will usually thwart most attempts. If for no other reason being, that it simply doesn't seem worth the bother.
HTH
--Chris
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.