• To: "Alaric B. Snell" <alaric@a...>
• Subject: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• From: ari@c... (K. Ari Krupnikov)
• Date: 24 Feb 2003 17:40:43 +0000
• Cc: ari@c... (K. Ari Krupnikov), Berend de Boer <berend@x...>, <michael.h.kay@n...>, <xml-dev@l...>
• In-reply-to: <E18nGAf-000320-00@c...>
• References: <000701c2db85$b7328570$6401a8c0@pcukmka> <uel5yd4r1.fsf@x...><f0f4r6uedl7.fsf@p...><E18nGAf-000320-00@c...>
• User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Alaric B. Snell" <alaric@a...> writes:

> You can sometimes have fun with shopping sites that use third party credit 
> card payment systems by getting to the page that has the form that submits to 
> the third party, saving it to disk, editing the hidden fields for 'amount' to 
> a smaller number but leaving the order number intact, then submitting it.

I keep hearing it... Have you actually seen this exploited? Don't
implicate yourself, if you had a *friend* who did, that should be
enough to satisfy my curiosity.

Ari.

• Follow-Ups:
  • Re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
    • From: "Alaric B. Snell" <alaric@a...>
  • re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
    • From: David Megginson <david@m...>

• References:
  • RE: Re: Are the data users happy? Why not?
    • From: "Michael Kay" <michael.h.kay@n...>
  • Re: Re: Are the data users happy? Why not?
    • From: Berend de Boer <berend@x...>
  • Re: Re: Are the data users happy? Why not?
    • From: ari@c... (K. Ari Krupnikov)
  • Re: Re: Are the data users happy? Why not?
    • From: "Alaric B. Snell" <alaric@a...>

• Prev by Date: Re: Re: Are the data users happy? Why not?
• Next by Date: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• Previous by thread: Re: Re: Are the data users happy? Why not?
• Next by thread: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• Index(es):
  • Date
  • Thread