Page 1 of 1

hidden values vs sessions.

Posted: Fri Feb 23, 2007 8:06 am
by murlopaz
Are sessions more secure then hidden values passed through post?

In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submition.

What do you think?

Posted: Fri Feb 23, 2007 8:46 am
by superdezign
Server-side is always more secure than client-side.

Get firebug and try editing HTML on a page. Hidden fields are barely secure at all.

Posted: Fri Feb 23, 2007 11:23 pm
by Tommy1402
sorry if this question sounds silly..
but, what are the benefit of using hidden value ?
thanks

Posted: Sat Feb 24, 2007 2:45 am
by nickvd
Tommy1402 wrote:sorry if this question sounds silly..
but, what are the benefit of using hidden value ?
thanks
It's a quick and dirty way of transfering data from one page to the next... sessions is almost always the best choice...