RE: [WEB SECURITY] Risk in Validating new password at client side
- From: "White, Dain P" <dainw@xxxxxxx>
- Subject: RE: [WEB SECURITY] Risk in Validating new password at client side
- Date: Mon, 6 Aug 2007 09:14:10 -0700
What happens if someone has JavaScript turned off? Wouldn't that be a
p0rbl3m?
~Dain
-----Original Message-----
From: Appsec Punter [mailto:appsec.punter@xxxxxxxxx]
Sent: Monday, August 06, 2007 3:46 AM
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] Risk in Validating new password at client side
Hi List,
What could be the risk/problem if the application validates the new password
and confirm new password (same or not) at the client side? The application
doesn't send the confirm password to the server at all. It sends only the
old and new passwords.
I can only think of violating password policy.
Any other issues?
Thanks in advance.
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org