Re: GET and POST Methods Accepted

From: John GALLET (john.galletwanadoo.fr)
Date: Thu Oct 13 2005 - 07:40:18 CDT


Hi there,

> Do any of you test for this issue - what are your results?

It is so easy (check curl lib for example if you want to send post data in
automated scripts) to provide your application with the data the way you
want it, be it GET, POST, COOKIE, that it's not even worth bothering
checking how it came in.

Test the contents of your data, not the way the vars were transmitted.
 
Same goes for anything provided by the client such as referrer for
example.

HTH
JG

PS: French speakers might be interested in
www.saphirtech.com/securite.html about what's totally useless in terms of
security considering how easy it is to spoof.
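
An added example, not part of the original post, of the advice above: the same content check runs whether the value arrived by GET, POST or cookie, and the Referer header is never consulted. The parameter name `account`, the digits-only rule, the function names and the choice to reject a value sent on several channels at once are assumptions made for this illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Hypothetical rule for this example: an account id is 1 to 10 ASCII digits.
ACCOUNT_ID = re.compile(r"[0-9]{1,10}")


def collect_values(name, query="", body="", cookie_header=""):
    """Return every value the client supplied for `name`, tagged by channel."""
    found = []
    for channel, raw in (("GET", query), ("POST", body)):
        for value in parse_qs(raw, keep_blank_values=True).get(name, []):
            found.append((channel, value))
    jar = SimpleCookie()
    jar.load(cookie_header)
    if name in jar:
        found.append(("COOKIE", jar[name].value))
    return found


def validated_account_id(query="", body="", cookie_header="", referer=None):
    """Validate the content only.

    The channel is recorded but never used as a trust signal, and `referer`
    is accepted and deliberately ignored: the client controls all of them.
    """
    values = collect_values("account", query, body, cookie_header)
    if len(values) != 1:
        return None  # missing, or ambiguous because it was sent several times
    _channel, value = values[0]
    # fullmatch rejects trailing junk such as "42x" or a trailing newline.
    return int(value) if ACCOUNT_ID.fullmatch(value) else None


if __name__ == "__main__":
    # Constructed inputs: the same bad value is rejected on every channel.
    for kwargs in ({"query": "account=42x"},
                   {"body": "account=42x"},
                   {"cookie_header": "account=42x"}):
        print(kwargs, "->", validated_account_id(**kwargs))
```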