Re: Form-based File Upload in HTML

David - Morris (dwm@shell.portal.com)
Fri, 27 Jan 95 02:32:17 EST

For security reasons, hidden fields should never be allowed to influence
what files might be retrieved. Hidden fields shouldn't ever be thought
of as anything but server state information to be returned to the server
without presentation to the user and without modification. If hidden
data formed some part of the identification of the file to be retrieved,
a nasty server could possibly retrieve unauthorized data.

Dave Morris
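
The rule in the message above, sketched as a toy model of a user agent assembling a form submission. This is an added example, not part of the original message; the field shapes, function names and sample paths are assumptions constructed for illustration.

```javascript
// Toy user-agent model: file contents are read only for paths the user picked.
// `fields` comes from the server's markup and is untrusted; `userSelections`
// (control name -> paths chosen in the file dialog) is the only source of paths.
function buildSubmission(fields, userSelections, readFile) {
  const parts = [];
  for (const field of fields) {
    if (field.type === "file") {
      // Any value the markup supplied for a file control is ignored.
      const picked = userSelections.get(field.name) || [];
      for (const path of picked) {
        parts.push({ name: field.name, kind: "file", body: readFile(path) });
      }
    } else {
      // Hidden (and other) fields are opaque text: returned to the server
      // unmodified, never interpreted as a path and never dereferenced.
      const text = field.value == null ? "" : String(field.value);
      parts.push({ name: field.name, kind: "text", body: text });
    }
  }
  return parts;
}

// Constructed sample form: the markup tries to name a file through a hidden
// field and through a pre-filled value on the file control.
const sampleFields = [
  { type: "hidden", name: "session", value: "abc123" },
  { type: "hidden", name: "attachment", value: "/home/alice/private.txt" },
  { type: "file", name: "attachment", value: "/home/alice/private.txt" },
  { type: "text", name: "comment", value: "see attached" },
];

function demo() {
  // Constructed in-memory "disk" so the example runs offline.
  const disk = new Map([
    ["/home/alice/report.txt", "quarterly report"],
    ["/home/alice/private.txt", "private notes"],
  ]);
  const reads = []; // every path the agent actually opened
  const readFile = (path) => { reads.push(path); return disk.get(path); };
  // The user picked exactly one file in the dialog.
  const selections = new Map([["attachment", ["/home/alice/report.txt"]]]);
  return { parts: buildSubmission(sampleFields, selections, readFile), reads };
}
```
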