Re^3: Sending a mail with Perl, nah.. the same and same question...

To reinforce what has been said by Corion and marto: never, ever trust input from the client. Validation done on the client side is only to optimize the input loop by reducing the number of round trips needed to the server.

Assume that you client can (and will if you are really paranoid) put anything on the wire that they wish. I have had to fight the attitude that 'we are not dealing with smart hackers here' when doing code audits (previous life), and was constantly amazed at the lack of concern shown toward basic application security.

--MidLifeXis

Comment on Re^3: Sending a mail with Perl, nah.. the same and same question...

Replies are listed 'Best First'.
Re^4: Sending a mail with Perl, nah.. the same and same question... by heatblazer (Scribe) on Mar 29, 2012 at 14:14 UTC
I don`t need a tutorial, just a simple guideline, that was sufficient, I`ll keep in the security direction from now on and stress on serverside instead of js. Thank you all for being verbose here.	[reply]
Re^5: Sending a mail with Perl, nah.. the same and same question... by MidLifeXis (Monsignor) on Mar 29, 2012 at 14:20 UTC
Do not misapply what I was saying. Security is a mindset, not just a bolt-on solution. It is not just a matter of doing validation on the server-side. It is a matter of trust, good programming practices, knowing what code you are running, and a plethora of other things. --MidLifeXis	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.