• Subject: RE: CGI Fact Finding Mission (Need Input)
  • From: "Stone, Brad V (TC)" <bvstone@xxxxxxxxxxxxxx>
  • Date: Fri, 19 Nov 1999 10:00:14 -0600

--snip--
> 
> You pointed out that JavaScript can be used to verify
> input before being sent to the server.  Does that mean
> you have no input verification on the server side?  If
> so, are you not concerned about crackers sending faulty
> or malicious data directly to your server?  Even if you
> put some verification on the client side, you still have
> to verify data on the server side anyways.

Hi Hans!

My main point about verification with Javascript is that you can do things
like check for blank fields, etc. before going to the server.  There isn't
any other way without loading another page (or the same page to display
errors).  Javascript is faster for this, and also the user does not "lose
his place" when he gets to a screen that says "you need to enter your phone
number.  Use the back button to return to the form".  If he gets a dialog
box that says "Hey bud, enter your phone number!" it makes more sense to the
average Windows user.  That would be like instead of displaying program
messages on a green screen, going to another screen that says "Invalid
Customer Number.  Press F12 to return to your screen."

Of course we have validation on the server side, but if I can use Javascript
for a part of it, it will make things move smoothly.

As far as "malicious" data being sent in.  Not worried in the least bit.  So
what if a user sends me a bad item number, credit card number, etc.  It's
not going to crash my system.  Designed properly, I don't see how a hacker
could cause any problems using query string or standard input data.  If you
have an example, I'd love to hear it.  Maybe there's something I'm
overlooking.

Bradley V. Stone
BVS/Tools
http://www.bvstools.com

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
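
The server-side half of the validation discussed in this thread, as an added example that is not part of the original message or any poster's code: a CGI-style check that treats the raw query string as untrusted whether or not a JavaScript check ran in the browser. The field names (`item`, `phone`, `card`), their patterns and the length limit are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical field rules (assumed for this example): one allow-list pattern per field.
RULES = {
    "item": re.compile(r"[A-Z0-9]{1,15}"),
    "phone": re.compile(r"[0-9]{3}-[0-9]{3}-[0-9]{4}"),
    "card": re.compile(r"[0-9]{13,19}"),
}
MAX_QUERY_LEN = 256  # assumed upper bound for the whole query string


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_query(query_string):
    """Return (clean_fields, errors) for a raw QUERY_STRING value."""
    if len(query_string) > MAX_QUERY_LEN:
        return {}, ["query string too long"]
    parsed = parse_qs(query_string, keep_blank_values=True)
    clean, errors = {}, []
    # Reject anything the form never defined instead of silently ignoring it.
    for name in parsed.keys() - RULES.keys():
        errors.append(f"unexpected field: {name}")
    for name, pattern in RULES.items():
        values = parsed.get(name, [])
        if len(values) != 1:  # missing or repeated parameter
            errors.append(f"{name}: expected exactly one value")
        elif not pattern.fullmatch(values[0]):  # also catches blank fields
            errors.append(f"{name}: invalid format")
        elif name == "card" and not luhn_ok(values[0]):
            errors.append("card: checksum failed")
        else:
            clean[name] = values[0]
    return clean, sorted(errors)
```

Only the values in `clean_fields` should reach the rest of the program; the blank-field case that the JavaScript dialog handles for the user is caught here as well, since a request sent directly to the server never runs that script.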
