OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] OT: client vs. server-side validation (was: Are the data u

[ Lists Home | Date Index | Thread Index ]

On Monday 24 February 2003 17:40, K. Ari Krupnikov wrote:
> "Alaric B. Snell" <alaric@alaric-snell.com> writes:
> > You can sometimes have fun with shopping sites that use third party
> > credit card payment systems by getting to the page that has the form that
> > submits to the third party, saving it to disk, editing the hidden fields
> > for 'amount' to a smaller number but leaving the order number intact,
> > then submitting it.
> I keep hearing it... Have you actually seen this exploited? Don't
> implicate yourself, if you had a *friend* who did, that should be
> enough to satisfy my curiosity.

Not a friend, but a friend of a friend! This was a couple of years ago. Hrm, 
I think it may have been mentioned in NTK?


But I've not had any luck getting search terms that pick it up...

> Ari.


A city is like a large, complex, rabbit
 - ARP


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS