On 03.01.2009 20:03, Eddy Nigg wrote:
On 01/03/2009 09:03 PM, Nelson B Bolyard:
I hate to say it, but it's possible for the browser user to change those
values without either (a) modifying the browser or (b) using some proxy
tool.
I don't know another way, but I'm glad to learn how.
You can pretent to be a browser and do it by hand.
We regularly do that when we alter Google query URLs. Modifying a POST
is a bit harder, but not much different conceptually. I'm sure you use
cookies and stuff, but that's not hard either (see wget etc., I can even
do it in telnet). If you use JS to verify that it's a browser, that's
kind of silly and locks some users out.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
