OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   OT: client vs. server-side validation (was: Are the data users happy? Wh

[ Lists Home | Date Index | Thread Index ]

"Alaric B. Snell" <alaric@alaric-snell.com> writes:

> You can sometimes have fun with shopping sites that use third party credit 
> card payment systems by getting to the page that has the form that submits to 
> the third party, saving it to disk, editing the hidden fields for 'amount' to 
> a smaller number but leaving the order number intact, then submitting it.

I keep hearing it... Have you actually seen this exploited? Don't
implicate yourself, if you had a *friend* who did, that should be
enough to satisfy my curiosity.



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS