Re: form handling

by Kukla Fran and Ollie <weblists2001(at)yahoo.com>

 Date:  Mon, 08 Oct 2001 21:39:14 -0700
 To:  <hwg-basics(at)hwg.org>
 Cc:  jim barchuk <jb(at)jbarchuk.com>
 References:  cablespeed

Jim's comment bears repeating on its own:

-- snip --

>BTW for security reasons you should get rid of those HIDDEN fields and 
>hardcode those VALUEs into the script.


For example, Matt's FormMail is widely used because of its simplicity, and 
it does use hidden fields.  However, and this is no flame at Matt's scripts 
and his efforts (I used FormMail in the past when starting out), but the 
original script does date from 1995, and even though the latest version (v 
1.9 issued in August of this year) fills some security holes, there are out 
there other simple scripts which do essentially the same thing as FormMail, 
but follow Jim's important advice - the values are hardcoded into the 
script itself.

Each web developer has to decide for him/herself whether the security, 
simplicity and ease of a particular script should be for the benefit of the 
developer (which appears to be the norm), or of the user (which is what it 
should have been all along).





HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA
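
The advice in the message above, as an added example that is not part of the original post or of any script it mentions: a form-to-mail handler that takes its destination from hidden fields, next to one with the values hardcoded in the script. It is sketched in Python for illustration; the field names, addresses and function names are assumptions, and nothing is actually sent.

```python
from email.message import EmailMessage
from urllib.parse import parse_qs

# Hardcoded in the script, per the advice above (constructed placeholder values).
RECIPIENT = "webmaster@example.org"
SUBJECT = "Contact form"
ALLOWED_FIELDS = ("name", "email", "comments")  # the visible fields of the form


def parse_form(body: str) -> dict:
    """Decode a urlencoded POST body, keeping the first value of each field."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def mail_from_hidden_fields(body: str) -> EmailMessage:
    """'Before': To and Subject come from hidden fields, i.e. from the client."""
    form = parse_form(body)
    msg = EmailMessage()
    msg["To"] = form["recipient"]
    msg["Subject"] = form["subject"]
    msg.set_content(form.get("comments", ""))
    return msg


def mail_hardcoded(body: str) -> EmailMessage:
    """'After': To and Subject are constants; unexpected fields are ignored."""
    form = parse_form(body)
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["Subject"] = SUBJECT
    lines = []
    for field in ALLOWED_FIELDS:
        # Visitor text goes only into the body, one line per field, never a header.
        value = " ".join(form.get(field, "").split())
        lines.append(f"{field}: {value}")
    msg.set_content("\n".join(lines))
    return msg


# Constructed sample: the POST body after the hidden fields were edited
# in a saved copy of the form before it was submitted.
TAMPERED = ("recipient=someone-else%40example.net&subject=Not+the+site%27s+subject"
            "&name=Visitor&email=visitor%40example.com&comments=hello")

if __name__ == "__main__":
    print(mail_from_hidden_fields(TAMPERED)["To"])  # whatever the client sent
    print(mail_hardcoded(TAMPERED)["To"])           # always RECIPIENT
```

A hidden field is ordinary form data that the browser sends back, so the first handler mails wherever the submitted form says, while the second cannot be redirected by anything in the request.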