On 01/04/2009 12:46 AM, Nelson B Bolyard:
Eddy Nigg wrote, On 2009-01-03 14:25:
On 01/03/2009 11:54 PM, Nelson B Bolyard:
Eddy Nigg wrote, On 2009-01-03 11:03:
On 01/03/2009 09:03 PM, Nelson B Bolyard:
I hate to say it, but it's possible for the browser user to change those
values without either (a) modifying the browser or (b) using some proxy
tool.
I don't know another way, but I'm glad to learn how.
It's pretty easy to alter a downloaded form by saving the page containing
that form to a local file (File->Save Page as), then edit the file, then
use a file:// URL to visit the edited file and continue the session with
the edited form. There are countermeasures and counter-counter measures
to this sort of thing. There are still other ways to achieve this.
Oh well, that wouldn't work to start with...
Because ?
Because! :-)
If you check the referrer URL, that can be faked, too.
I know that too :S
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
