Question:
Keeping in mind what is the best practice for submitting submissions?
This may be a n00b question but I am worried that people may be able to present some data in their form. Take my example:
I have a form that contains a secret input that stores the user's unique Facebook ID. I take that Facebook ID and create a user account from it. If I use jQuery, will not some users be able to post data?
This is protected as a regular post. Both methods can be hijacked and data can be injected. The key is that your server validates data with side-script authentication, session, anti-counterfeiting, token etc.
Comments
Post a Comment