So, the client can have an old idea of the object properties for the object when it goes to buy. This can cause a problem in the buy process. Additionally Hazim mentioned that the buy packets are spoofable. The core modules are the crowing glory example of best practice :P, so therefore, setting the example here, Validate Client sent Buy Data. WebAppSecurity 101, Never trust a client. Validate Validate Validate! Or you'll have problems whether intentional or not.

0 files changed, 0 insertions, 0 deletions