[TYPO3-core] RFC #9553: Bug: Form validation script jsfunc.validateform.js sometimes fails in IE
Vladimir Podkovanov
admin at sitesfactory.ru
Sun Oct 19 01:28:11 CEST 2008
Dmitry Dulepov wrote:
> Hi!
>
> Vladimir Podkovanov wrote:
>> Yes, I think it is good way and IMHO it should be configurable from
>> content element and in FORM cObj - choosing client side processing,
>> server side processing or both should be used.
>
> Server side processing must be always used. Client side is an addition,
> it can be switched off. But server side cannot and must not be switched
> off. This is security measure. It is possible to send form data using
> even telnet. If there is no server side checks, there is a big security
> risk for the system.
>
Hi! by server side processing I meant checking required fields, IMHO it
should not be security issue if it is switched off. By now it is working
only client side and could be easily tricked, so forms data can be sent
without required fields, it is annoying but not security problem.
BTW what about initial patch, it is no-brainer, could you look and
commit? Thx :)
More information about the TYPO3-team-core
mailing list