hidden values vs sessions.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
murlopaz
Forum Commoner
Posts: 60
Joined: Wed Oct 11, 2006 5:02 pm
Location: Baltimore, MD, USA

hidden values vs sessions.

Post by murlopaz »

Are sessions more secure then hidden values passed through post?

In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submition.

What do you think?
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Server-side is always more secure than client-side.

Get firebug and try editing HTML on a page. Hidden fields are barely secure at all.
Tommy1402
Forum Newbie
Posts: 23
Joined: Tue Oct 03, 2006 4:33 am
Location: bandung
Contact:

Post by Tommy1402 »

sorry if this question sounds silly..
but, what are the benefit of using hidden value ?
thanks
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Tommy1402 wrote:sorry if this question sounds silly..
but, what are the benefit of using hidden value ?
thanks
It's a quick and dirty way of transfering data from one page to the next... sessions is almost always the best choice...
Post Reply