Comments on: Bad Firebug! http://robertbasic.com/blog/bad-firebug/ the magic of coding... Sun, 08 Jan 2012 19:22:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jani Hartikainen http://robertbasic.com/blog/bad-firebug/#comment-3469 Jani Hartikainen Tue, 29 Dec 2009 06:55:38 +0000 http://robertbasic.com/blog/?p=833#comment-3469 I also tend to occasionally try breaking forms etc. on sites with Firebug or other tools, especially if I personally know is the developer =) A trick which most often causes totally unexpected output is changing the form field (or GET field) types post arrays. I wrote a post about it here with more details: http://codeutopia.net/blog/2009/10/21/did-you-think-your-site-validated-input-properly-think-again/ I also tend to occasionally try breaking forms etc. on sites with Firebug or other tools, especially if I personally know is the developer =)

A trick which most often causes totally unexpected output is changing the form field (or GET field) types post arrays. I wrote a post about it here with more details: http://codeutopia.net/blog/2009/10/21/did-you-think-your-site-validated-input-properly-think-again/

]]> By: johnjbarton http://robertbasic.com/blog/bad-firebug/#comment-3453 johnjbarton Mon, 21 Dec 2009 23:01:46 +0000 http://robertbasic.com/blog/?p=833#comment-3453 You are lame. You are lame.

]]> By: Robert http://robertbasic.com/blog/bad-firebug/#comment-3452 Robert Mon, 21 Dec 2009 21:55:04 +0000 http://robertbasic.com/blog/?p=833#comment-3452 Yes, verifying the "id" against another "id" which can not be (this easily) altered by a person is good. In the case of editing user profiles, the app can ask from the user his password, so the update sql becomes something like: "UPDATE user SET email = $email WHERE id = $id AND password = MD5($password)" which would require both the id and the password to match. Yes, verifying the “id” against another “id” which can not be (this easily) altered by a person is good. In the case of editing user profiles, the app can ask from the user his password, so the update sql becomes something like: “UPDATE user SET email = $email WHERE id = $id AND password = MD5($password)” which would require both the id and the password to match.

]]> By: RenĂ© Silva http://robertbasic.com/blog/bad-firebug/#comment-3451 RenĂ© Silva Mon, 21 Dec 2009 21:47:17 +0000 http://robertbasic.com/blog/?p=833#comment-3451 Interesting article, on a little framework I built upon CodeIgniter I used this "id" hidden input (I had to deal with the same situation :S), thought I also implemented a "verify_id" function that sometimes compared the "id" value with some value in the SESSION array, sometimes this "id" value referred to the value of an object of an owner (for example a post that belongs to an author), so I had to "verify" that the author had the permissions on the post. Finally, Firebug is our friend! Interesting article, on a little framework I built upon CodeIgniter I used this “id” hidden input (I had to deal with the same situation :S), thought I also implemented a “verify_id” function that sometimes compared the “id” value with some value in the SESSION array, sometimes this “id” value referred to the value of an object of an owner (for example a post that belongs to an author), so I had to “verify” that the author had the permissions on the post.
Finally, Firebug is our friend!

]]>