mod-security-users

[mod-security-users] hidden fields

[Diego P. <die...@ho...>]

Using mod_security, how can i prevent that users change forms hidden fields 
in POST requests? is it possible?

I read that some web app firewalls (commercial products) checks the hidden 
fields contained in the forms and validate against the POST (preventing that 
user change values)

thanks you

Re: [mod-security-users] hidden fields

[Jamie K. <jkr...@gm...>]

You're better off validating the hidden fields programatically.
mod_sec won't know what the fields are let alone what values they're
supposed to be.

Jamie

On 2/24/06, Diego Pellegrino <die...@ho...> wrote:
> Using mod_security, how can i prevent that users change forms hidden fiel=
ds
> in POST requests? is it possible?
>
> I read that some web app firewalls (commercial products) checks the hidde=
n
> fields contained in the forms and validate against the POST (preventing t=
hat
> user change values)
>
> thanks you
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting langua=
ge
> that extends applications into web and mobile media. Attend the live webc=
ast
> and join the prime developer group breaking into this new coding territor=
y!
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720&dat=
=3D121642
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>