Re: Form-based File Upload in HTML

David - Morris (
Fri, 27 Jan 95 02:32:17 EST

For security reasons, hidden fields should never be allowed to influence
what files might be retrieved. Hidden fields shouldn't ever be thought
of as anything but server state information to be returned to the server
without presentation to the user and without modification. If hidden
data formed some part of the identification of the file to be retrived,
a nasty server could possibly retrieve unauthorized data.

Dave Morris