Ruby on Rails
yeven, 2015-08-28 12:09:11

Protection of the site from the substitution of input fields. How to implement?

Good day. There are input fields on the site that are checked only by means of JS and then cleaned by filters in the PHP script, but almost everyone knows that a POST request can be sent not only by clicking the submit button :) The most important point for me is the substitution of the price and quantity of items. That is, an attacker, or a freeloader, can send 1000 items to the script at a price of 1 kopeck, and the script eats this without blinking an eye, redirecting to the payment page. What should I do? Is there an easy implementation?


1 answer(s)
Vladimir Martyanov, 2015-08-28
@yeven

Rule of thumb: don't trust user data. On the server, get the price and other necessary information by the product ID.
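A sketch of the rule in this answer, added here as an example and not part of the original answer or the asker's code: the server reads only the product ID and quantity from the POST body and takes the price from its own catalog. The `CATALOG` hash, the `max_per_order` limit, the field names and the function names are assumptions made for illustration; in a real shop the lookup would hit the products table.

```ruby
# Constructed catalog standing in for the products table; prices are in kopecks.
# max_per_order is an assumed business rule, not something from the page.
CATALOG = {
  101 => { name: "Kettle", price_kopecks: 249_900, max_per_order: 5 },
  102 => { name: "Mug",    price_kopecks:  35_000, max_per_order: 20 }
}.freeze

class OrderError < StandardError; end

# Strict integer parse: "3" passes; "3.5", "-1", "0", "1e3", "" and nil do not.
def parse_positive_int(value, field)
  text = value.to_s
  raise OrderError, "#{field} must be a positive integer" unless text.match?(/\A[1-9]\d{0,8}\z/)
  text.to_i
end

# posted_items: array of hashes as they arrive in the POST body.
# Only product_id and quantity are read; any client-sent price is ignored.
def build_order(posted_items)
  raise OrderError, "cart is empty" unless posted_items.is_a?(Array) && !posted_items.empty?

  quantities = Hash.new(0)
  posted_items.each do |item|
    raise OrderError, "malformed item" unless item.is_a?(Hash)
    id = parse_positive_int(item["product_id"], "product_id")
    raise OrderError, "unknown product #{id}" unless CATALOG.key?(id)
    # Merge repeated lines so the limit cannot be bypassed by splitting them.
    quantities[id] += parse_positive_int(item["quantity"], "quantity")
  end

  lines = quantities.map do |id, qty|
    product = CATALOG.fetch(id)
    raise OrderError, "quantity limit exceeded for product #{id}" if qty > product[:max_per_order]
    { product_id: id, quantity: qty, unit_price_kopecks: product[:price_kopecks],
      line_total_kopecks: product[:price_kopecks] * qty }
  end

  { lines: lines, total_kopecks: lines.sum { |l| l[:line_total_kopecks] } }
end

# Constructed requests: the client-sent "price" of 1 kopeck is never read.
FORGED_PRICE = [{ "product_id" => "101", "quantity" => "2", "price" => "1" }].freeze
TAMPERED     = [{ "product_id" => "101", "quantity" => "1000", "price" => "1" }].freeze
```

The total computed here is what should be passed to the payment page, and the same recalculation should be repeated when the payment callback arrives rather than trusting an amount echoed back by the browser.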
