Client side security
Posted by Jonas Elfström Mon, 30 Apr 2007 10:54:00 GMT
When building a web application, you can never, ever trust that any of the data from the client has not been tampered with.
Some problems I've seen in the past:
- Having sensitive data in hidden input fields.
- Storing sensitive data in cookies.
  - This is not a very common problem, since almost all web application frameworks handle this for you by storing only a session id in the cookie and the actual data on the server.
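Both problems side by side, as an added example that is not part of the original post: a checkout handler that trusts a hidden `price` field, next to one that takes the price from server-side data and the user from a session store keyed by an opaque cookie value. The catalogue, the field and cookie names, and the function names are all assumptions made for the illustration.

```python
import secrets

# Constructed sample data: both structures live on the server only.
PRICES = {"book-1": 2500}   # item id -> price in cents
SESSIONS = {}               # session id -> server-side session state


def login(user, is_admin):
    """Create a session; only the opaque random id goes into the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "is_admin": is_admin}
    return sid


def checkout_trusting_client(form):
    """Weak: the amount charged comes from a hidden input the client can edit."""
    return int(form["price"]) * int(form["qty"])


def checkout_server_side(cookies, form):
    """Hardened: identity from the session store, price from the catalogue."""
    session = SESSIONS.get(cookies.get("session_id", ""))
    if session is None:
        raise PermissionError("unknown session")
    item = form.get("item")
    if item not in PRICES:
        raise ValueError("unknown item")
    qty = int(form.get("qty", ""))          # ValueError if not a number
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    # form["price"] and cookies["is_admin"] are never read: the client
    # controls them, so they carry no authority.
    return session["user"], PRICES[item] * qty


def demo():
    sid = login("alice", is_admin=False)
    # Constructed request: hidden price edited from 2500 to 1, role cookie forged.
    form = {"item": "book-1", "qty": "2", "price": "1"}
    cookies = {"session_id": sid, "is_admin": "true"}
    return checkout_trusting_client(form), checkout_server_side(cookies, form)


if __name__ == "__main__":
    print(demo())
```

The first handler charges whatever the form says; the second ignores the submitted price and the forged cookie and charges the catalogue price to the user the session store names.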