
[whatwg] including <output> in form submissions

From: Bjartur Thorlacius <svartman95@gmail.com>
Date: Fri, 24 Feb 2012 09:30:21 +0000
Message-ID: <81FB459D-FAAC-4AD2-8FA0-5F0AA8B7898F@gmail.com>

On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:

>> But in general, I recommend against this. Anything that can be computed
>> should be computed on the server to obtain the canonical value, otherwise
>> you open yourself up to attackers sending you inconsistent data.
>
> While for applications where trust is an issue one clearly needs to
> check calculations server-side. When it is not, however, this would be a
> welcome addition.

The principle of least authority applies. In general, neither the
client nor the link he communicates over should be trusted
unnecessarily.

Received on Friday, 24 February 2012 01:30:21 UTC
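
The recommendation discussed in this thread, as an added example that is not part of the original messages: a server-side handler that recomputes the value a client-side `<output>` would display and uses the submitted copy only as a consistency signal. The field names (`item`, `qty`, `total`), the price table and `processOrder` are hypothetical.

```javascript
// Constructed example: an order form whose <output name="total"> is computed
// in the browser from a quantity and a unit price. All names are hypothetical.

// Canonical prices live on the server; the client never supplies them.
const PRICE_CENTS = new Map([["widget", 1250], ["gadget", 399]]);

// Accept only plain decimal integers in a bounded range.
function parseQuantity(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,4}$/.test(raw)) return null;
  const n = Number(raw);
  return n >= 1 && n <= 1000 ? n : null;
}

// Format integer cents the way the client-side script is assumed to ("25.00").
function formatCents(cents) {
  return `${Math.floor(cents / 100)}.${String(cents % 100).padStart(2, "0")}`;
}

// body: an application/x-www-form-urlencoded request body.
function processOrder(body) {
  const form = new URLSearchParams(body);
  // Repeated fields make "the" submitted value ambiguous, so refuse them.
  for (const name of ["item", "qty", "total"]) {
    if (form.getAll(name).length > 1) {
      return { ok: false, error: `duplicate ${name}` };
    }
  }
  const item = form.get("item");
  const qty = parseQuantity(form.get("qty"));
  if (!PRICE_CENTS.has(item)) return { ok: false, error: "unknown item" };
  if (qty === null) return { ok: false, error: "bad qty" };

  // The canonical value is derived only from validated inputs.
  const totalCents = PRICE_CENTS.get(item) * qty;

  // The submitted <output> value is never used in the computation. A mismatch
  // is only a signal worth logging: stale page, script bug, or tampering.
  const claimed = form.get("total");
  const mismatch = claimed !== null && claimed !== formatCents(totalCents);
  return { ok: true, item, qty, totalCents, mismatch };
}
```
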
