Eddy Nigg wrote, On 2009-01-03 14:25: > On 01/03/2009 11:54 PM, Nelson B Bolyard: >> Eddy Nigg wrote, On 2009-01-03 11:03: >>> On 01/03/2009 09:03 PM, Nelson B Bolyard: >>>> I hate to say it, but it's possible for the browser user to change those >>>> values without either (a) modifying the browser or (b) using some proxy >>>> tool. >>> I don't know another way, but I'm glad to learn how. >> It's pretty easy to alter a downloaded form by saving the page containing >> that form to a local file (File->Save Page as), then edit the file, then >> use a file:// URL to visit the edited file and continue the session with >> the edited form. There are countermeasures and counter-counter measures >> to this sort of thing. There are still other ways to achieve this. > > Oh well, that wouldn't work to start with...
Because ? If you check the referrer URL, that can be faked, too. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
