lua-users home
lua-l archive



On Thu, Aug 5, 2010 at 2:06 PM, Henk Boom <henk@henk.ca> wrote:
> It seems that the user can change any internal variables of the
> application by modifying the URL, that seems like it could be a
> security concern in some cases. Is there a way of preventing that?

Like any web application, you still have to validate the user data.
You keep your internal variables separate from the user variables and
only load the user values into the *real* variables when they are
in bounds. That's a fairly common source of bugs in web apps written by
programmers whose experience is mostly on the desktop.

Chris
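
One way to do what this reply describes, as an added example in Lua (not code from the thread or from any project discussed in it). The setting names, the bounds, the `schema` table and the query string are all assumptions constructed for illustration.

```lua
-- Internal state (hypothetical names): never written directly from a request.
local settings = { page = 1, per_page = 20, sort = "date", is_admin = false }

-- Validators return the converted value, or nothing when out of bounds.
local function int_in(lo, hi)
  return function(s)
    if #s > 9 or not s:match("^%d+$") then return nil end
    local n = tonumber(s)
    if n >= lo and n <= hi then return n end
  end
end

local function one_of(...)
  local allowed = {}
  for _, v in ipairs({...}) do allowed[v] = true end
  return function(s) if allowed[s] then return s end end
end

-- Allowlist: the only names a URL may set. is_admin is deliberately absent.
local schema = {
  page     = int_in(1, 10000),
  per_page = int_in(1, 100),
  sort     = one_of("date", "title", "author"),
}

local function url_decode(s)
  s = s:gsub("%+", " ")
  return (s:gsub("%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end))
end

-- Parse the query string into a table holding *user* values only.
local function parse_query(qs)
  local user = {}
  for k, v in qs:gmatch("([^&=]+)=([^&]*)") do
    user[url_decode(k)] = url_decode(v)
  end
  return user
end

-- Copy a user value into the real settings only if its name is allowlisted
-- and its validator accepts it; return the names that were refused.
local function apply_user_values(target, user)
  local rejected = {}
  for name, raw in pairs(user) do
    local check = schema[name]
    local value = check and check(raw)
    if value ~= nil then target[name] = value
    else rejected[#rejected + 1] = name end
  end
  table.sort(rejected)
  return rejected
end

-- Constructed request: one unknown name and one out-of-range value.
local refused = apply_user_values(settings,
  parse_query("page=3&sort=title&per_page=5000&is_admin=true"))
print(settings.page, settings.sort, settings.per_page, settings.is_admin)
print("refused: " .. table.concat(refused, ", "))
```

The refused names are worth logging server-side, since a request that tries to set a name outside the allowlist is a useful signal of probing.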