Could a Malicious Hacker Alter a Hidden Post Variable

后端 未结 1 634
借酒劲吻你
借酒劲吻你 2021-02-11 14:51

I know that a POST can be spoofed in terms of originating domain, but what about being able to change the variables of the hidden POST variables in my HTML? I am concerned that

相关标签:
1条回答
  • 2021-02-11 14:55

    Yes, it is trivially easy for anyone to modify your form variables. Whether they are GET or POST doesn't matter at all.

    Web security rule #1: Never trust any user input. Also stated as "All users are malicious hackers" or some variant thereof.

    answer to comment: The solution is to know all of the correct values on the server side, without having to pass them through the client side (Javascript). So regardless of what the form says, you already know the price. Just use the same value you used to populate the form in the first place.

    0 讨论(0)
提交回复
热议问题