thr3ads.net - Rails - Are hidden fields that secure? [Sep 2008]

If this information is useful, please help other people find it:
Share via:

max

2008-Sep-24 16:28 UTC

Are hidden fields that secure?

Im seeing a lot of my forms having hidden fields to send one or two
id''s back to the controller. Is this safe? can a user edit this before
sending the form and send stuff they should''nt?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thorsten Müller

2008-Sep-24 16:32 UTC

head link

Re: Are hidden fields that secure?

No, NOTHING that comes from a browser is secure.
Users can edit and change whatever they want.

You must double check everything against the current login
stored in the session, since that''s the only secure information
you have
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Rails - Sep 2008 - Are hidden fields that secure?

Are hidden fields that secure?

Re: Are hidden fields that secure?