João P. Bragança
All too often, security is treated as an afterthought in our models. I’m as guilty of this as anyone. :) Now that HTTP is becoming the most popular protocol inside the enterprise, sending bad data across the wire becomes much easier. A hidden input field is not all that hidden.
Let’s take everyone’s second favorite fake business problem: Enrolling Students in Classes. Let’s take it further and say we want to develop this as a SaaS product.
João P. Bragança
Recently, a client wanted to know why a certain product they had installed was performing so horribly from their overseas office when it worked just fine over here. I had my suspicions but I wanted to confirm it.
So, I had him put in Fiddler. If you haven’t heard of this tool, get it now. It will save you a ton of time when debugging any HTTP issue.
Anyway, my suspicions were confirmed: This is actually from the IE debugging tools but you get the idea.