
[whatwg] including <output> in form submissions

From: Bjartur Thorlacius <svartman95@gmail.com>
Date: Fri, 24 Feb 2012 09:30:21 +0000
Message-ID: <81FB459D-FAAC-4AD2-8FA0-5F0AA8B7898F@gmail.com>
On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:

>> But in general, I recommend against this. Anything that can be computed
>> should be computed on the server to obtain the canonical value, otherwise
>> you open yourself up to attackers sending you inconsistent data.
> While for applications where trust is an issue one clearly needs to
> check calculations server-side. When it is not however, this would be a
> welcome addition.
The principle of least authority applies. In general, neither the client nor the link he communicates over should be trusted

Received on Friday, 24 February 2012 01:30:21 UTC
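
The server-side recomputation recommended in the quoted text, as an added example that is not part of the original message: the handler derives the canonical total from its own price data and uses a submitted `<output>` value only to flag inconsistent submissions. The field names (`item`, `qty`, `total`), the `PRICES` catalogue and the function name are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalogue: the server's own source of truth for prices.
PRICES = {"widget": Decimal("4.50"), "gadget": Decimal("12.00")}
MAX_QTY = 1000  # hypothetical upper bound for one order line


def canonical_total(body: str):
    """Recompute the order total from a urlencoded form body.

    Returns (total, client_mismatch). The submitted 'total' field (the
    value an <output> element would carry) is never used as the result;
    it is only compared so inconsistent submissions can be logged.
    """
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    # Reject duplicated or missing inputs instead of guessing which copy counts.
    for name in ("item", "qty"):
        if len(fields.get(name, [])) != 1:
            raise ValueError(f"field {name!r} must appear exactly once")
    item = fields["item"][0]
    if item not in PRICES:
        raise ValueError("unknown item")
    qty_text = fields["qty"][0]
    if not (qty_text.isascii() and qty_text.isdigit()):
        raise ValueError("qty must be a non-negative integer")
    qty = int(qty_text)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")
    # The price comes from the server's data, never from the request.
    total = PRICES[item] * qty
    claimed = fields.get("total", [])
    mismatch = False
    if claimed:
        try:
            mismatch = len(claimed) != 1 or Decimal(claimed[0]) != total
        except InvalidOperation:
            mismatch = True  # unparseable client value counts as inconsistent
    return total, mismatch
```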
