[nycphp-talk] "The Web is broken and it's all your fault."

Chris Shiflett shiflett at php.net
Wed Sep 20 02:55:02 EDT 2006


Anirudh Zala wrote:
> This is a good point: "Nothing can be trusted." This is similar
> to validating client data using JS. But from the client's point
> of view, can't the browser help a bit to filter input directly
> from there and ask the client to make necessary corrections?

No, client-side filtering has zero security value.

Imagine this. You're hosting an invite-only costume party somewhere in
New York. Everyone is encouraged to wear a mask.

In order to make sure only invited people attend, you post the following
notice at the entrance:

"So that you can enjoy the anonymity of your costume, we are not
checking invitations or names, but please do not enter if you were not
invited."

Does this notice seem sufficient, or should you check invitations at the
door?

Chris

-- 
Chris Shiflett
Principal, OmniTI
http://omniti.com/
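
The point of the reply above, as an added example that is not part of the original message: the server checks every field itself, because a request does not have to come from a browser that ran any JavaScript. The function name, field names, rules and sample requests are assumptions constructed for illustration.

```php
<?php
// Added illustration, not code from the original message.
// Field names, rules and sample requests are constructed.

/**
 * Server-side filter: the invitation check at the door.
 * Returns [clean, errors]; only values in $clean may be used later.
 */
function filter_signup(array $input): array
{
    $clean = [];
    $errors = [];

    // Allowlist: 3-16 ASCII letters or digits. The value must be a string;
    // a hand-built request can send an array (username[]=x) instead.
    $username = $input['username'] ?? null;
    if (is_string($username) && preg_match('/\A[A-Za-z0-9]{3,16}\z/', $username)) {
        $clean['username'] = $username;
    } else {
        $errors[] = 'username';
    }

    // Integer within a fixed range, enforced on the server.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age !== false) {
        $clean['age'] = $age;
    } else {
        $errors[] = 'age';
    }

    return [$clean, $errors];
}

// Constructed request 1: what a browser sends after client-side JS accepted the form.
$from_browser = ['username' => 'alice42', 'age' => '30'];

// Constructed request 2: sent by an HTTP client that never loaded the page,
// so no JavaScript check ever ran on it.
$without_js = ['username' => ['not', 'a', 'string'], 'age' => '-5'];

foreach ([$from_browser, $without_js] as $request) {
    [$clean, $errors] = filter_signup($request);
    echo $errors ? 'rejected: ' . implode(', ', $errors) : 'accepted: ' . json_encode($clean);
    echo PHP_EOL;
}
```

A JavaScript check on the form can still be kept for user convenience; the server-side result is the only one the application acts on.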


