now browsing by tag


Securing forms and URL data submissions.


Please see my article Vulnerabilities in forms and URL Parameters for more info on the vulnerabilities.

There are a few ways the data transmissions from forms and URL parameters can be made more secure. Some of these practices can be used, or all, for extra security. Below I’ve listed a few important guidelines and other tips that can be used to secure forms.

Golden Rule #1
Never rely on Javascript for error checking or to validate the content submitted. This is a poor mistake to make. Javascript is easily hackable because it is client-side script. This means that the processing of the code is carried out on the clients machine, the server-side script has no control over it. So a user can edit this code and change the way it processes data. This leads onto the next rule!

Read the rest of this page »