| Re: Validate Radio Buttons? [message #182398 is a reply to message #182396] |
Fri, 02 August 2013 23:54   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 8/2/2013 7:47 PM, Twayne wrote:
> On 2013-08-01 7:53 PM, Jerry Stuckle wrote:
>> On 8/1/2013 5:16 PM, Twayne wrote:
>>> On 2013-07-31 3:07 PM, Jerry Stuckle wrote:
>>>> On 7/31/2013 2:20 PM, Twayne wrote:
>>>> > Hi all,
>>>> >
>>>> > I was wondering what the general consensus might be on this:
>>>> >
>>>> > Should one Validate Radio Buttons for an online website contact form?
>
> ...
>
>>
>> No problem at all. I just build a page on my site (or locally if I have
>> a web server installed) and have the form's action= point at the script
>> on your site. I can place anything I want on the page and it will be
>> sent to your script.
>>
>> There is nothing which requires input to your site to come from a form
>> on your site. It can come from anywhere - something hackers use to
>> their advantage.
>>
>
> Nah, you'd have to do a more than that. That much I can test for myself.
>
>
>
>
What more do you want? I described exactly how an HTML page (no PHP at
all) could be built which can cause you a problem.
If you want the HTML to do it, try alt.html. That would be off-topic in
this newsgroup.
And BTW - HTTP_REFERER is another user-supplied field, and cannot be
trusted. It may easily be spoofed or could be absent. It is not to be
trusted.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]