Re: HIDDEN form field
by "Captain F.M. O'Lary" <ctfuzzy(at)canopy.net>
|
| Date: |
Mon, 04 Sep 2000 15:15:52 -0400 |
| To: |
"Michael T. Patterson" <mikep(at)va-hi.com>,
HWG <hwg-basics(at)hwg.org> |
| In-Reply-To: |
hi |
| |
todo: View
Thread,
Original
|
|
Mike,
I think you answered your own question.
If the viewer's ability to alter your form data is unacceptable - "HIDDEN"
isn't going to meet your needs.
This is an age old question: "how do we hide the source from the viewer?"
Bottom line: You can't. Your best hope is to generate the info you need
"hidden" from a server side script.
HTH,
Fuzzy
At 02:19 PM 9/4/00 -0400, Michael T. Patterson wrote:
>Hi all,
>
>HTML forms incorporate the HIDDEN field so that we might pass data from
>one form to the next without a visitor viewing that data. E.g.,
>incomplete form snippet:
>
><form>
><input type="hidden" name="payment" value="100">
></form>
>
>But the data is not really hidden: a visitor can view the source of the
>web page and thus see the hidden field and the value it contains.
>
>If the hidden data can be viewed, is it possible for a visitor to change
>that data before submitting the form? What would stop a person from
>editing the page in his/her favorite wysisyg editor, changing a hidden
>value (which might be an important value), saving the page, opening it
>in a browser and then submitting it?
>
>Maybe a better way to phrase this question is: should we be relying upon
>hidden values to correctly process a sequence of forms?
>
>Thanks,
>Mike
>
__________________________________________________________________
Captain F.M. O'Lary
webmaster(at)canopy.net
A Life? Cool! Where can I download one?
------------------------------------------------------------------
HTML: hwg-basics mailing list archives,
maintained by Webmasters @ IWA