5 Feb
2004
5 Feb
'04
8:43 a.m.
Marcello Parra Martins wrote:
I dont know if this was discussed here before... Anyway.. is there an easy way to protect user from changing the arguments passed in a URL ?
No! You should *never* use the url as security. You should allways test the input you receive from both a form or a url. Never trust them. It is very easy to either use a browser that can be fooled or to write a programme that can send arbitrary urls. If you need to trust the input from your url's, you are doing it wrong! regards Max M